Running a WordPress site in HTTPS mode can be a pain. Securing the entire site isn’t too difficult, but if you only have a few pages that need to be secured, it can be tricky.
After releasing WP-Invoice I’ve received feedback that people were getting “SSL broken padlock” warning on their secured web invoice pages. The problem is caused by other plugins linking to external files: JavaScript, CSS, etc.
WP-Invoice automatically converts all the tags within your theme to use HTTPS when in secure mode, but it can’t modify other plugins, and that is why we have a problem. The best way to fix this is by modifying your theme.
The following code should go into your header.php file, within your theme folder. Find the <?php wp_head(); ?> function, and copy and paste the code in place of it. The script will replace every single instance of “http://” with “https://” in , which is where other plugins place their code into, if the site is being opened in secure mode. This isn’t the perfect solution, but it will take care of your broken padlock.
// Take everything wp_head() outputs, and put it into a variable called $wp_header;
ob_start();
wp_head();
$wp_header = ob_get_contents();
ob_end_clean();
// If were are in HTTPS mode, then replace all links in the $wp_header;
if($_SERVER['HTTPS']) { $wp_header = str_replace("http://","https://",$wp_header); }
// Dsiplay the $wp_header, or what used to be wp_head();
echo $wp_header;
Getting WordPress Plugins to play nice with HTTPS
Running a WordPress site in HTTPS mode can be a pain. Securing the entire site isn’t too difficult, but if you only have a few pages that need to be secured, it can be tricky.
After releasing WP-Invoice I’ve received feedback that people were getting “SSL broken padlock” warning on their secured web invoice pages. The problem is caused by other plugins linking to external files: JavaScript, CSS, etc.
WP-Invoice automatically converts all the tags within your theme to use HTTPS when in secure mode, but it can’t modify other plugins, and that is why we have a problem. The best way to fix this is by modifying your theme.
The following code should go into your header.php file, within your theme folder. Find the <?php wp_head(); ?> function, and copy and paste the code in place of it. The script will replace every single instance of “http://” with “https://” in , which is where other plugins place their code into, if the site is being opened in secure mode. This isn’t the perfect solution, but it will take care of your broken padlock.
// Take everything wp_head() outputs, and put it into a variable called $wp_header; ob_start(); wp_head(); $wp_header = ob_get_contents(); ob_end_clean(); // If were are in HTTPS mode, then replace all links in the $wp_header; if($_SERVER['HTTPS']) { $wp_header = str_replace("http://","https://",$wp_header); } // Dsiplay the $wp_header, or what used to be wp_head(); echo $wp_header;