You should be able to amend those items from the database. In the table wp_options there are the option_names home and siteurl – editing these back to the http version should do the trick. You might also want to check your wp-config.php file for the following: define(‘WP_SITEURL’, ‘https://www.website.com/’); define(‘WP_HOME’, ‘https://www.website.com/’); And remove the ‘s’ here … Read more
I just saw this problem myself on my site. The issue for me was that the site was available as both https://example.com/ and http://example.com. If the first request to a page was for the http version, the links to assets would be to http: http://example.com/wp-content/themes/customizr/assets/front/img/thumb-standard-empty.png http://example.com/wp-content/uploads/… etc. These http asset links would get put into … Read more
Your code redirects the WordPress admin pages to use https (which will work fine), and then sets the site and WordPress addresses (which may auto redirect some pages). Note that FORCE_SSL_LOGIN was deprecated in WordPress version 4.0 (https://codex.wordpress.org/Administration_Over_SSL) You can force the whole site to use SSL using .htaccess (note to cover WordPress installs to … Read more
SSL Partially breaking admin panel and elementor
I was able to figure out that because Lightsail uses a Bitnami deployment of WordPress, Bitnami overrides the .htaccess file. Instead you have to update the /opt/bitnami/apache2/conf/httpd.conf file by adding the following content: <IfModule headers_module> <IfVersion >= 2.4.7 > Header always setifempty X-Frame-Options ALLOW-FROM https://*.example.com </IfVersion> <IfVersion < 2.4.7 > Header always merge X-Frame-Options ALLOW-FROM … Read more
Pretty sure it’s because the official jQuery CDN doesn’t support HTTPS – use Microsoft’s or Google’s instead.
FORCE_SSL_LOGIN is marked as deprecated since 4.0 in source (you might have jumped over that bit). So it does now force all of admin to SSL and past behavior for it seems to no longer be available.
Once you have https for admin users you need to have https on the front end as wellat least for the logged-in users as their authentication cookies will be sent in clear text when they access the front end and 3rd parties will be able to duplicate them and use them to get into the … Read more
Switch to full SSL for everything. Seriously, it’s way easier than dealing with mixed content.
First one of your variations is the cleanest. You can test your htaccess rewrite rules here: https://htaccess.madewithlove.be/ Important thing about R=301, this means the redirection is permanent.