It is probably possible, but if you do it the security impact is like not using ssl at all unless all you want to protect is your user and password and don’t care much about protecting against actual hacking into the site. While user and password are sent only as part of the login form, … Read more
I’ll answer this in two steps… Do You Need an SSL Cert for Each Subdomain ? Yes and No, it depends. Your standard SSL certificate will be for single domain, say www.domain.example. There are different types of certs you can aside from the standard single domain cert: wildcard and multi domain certs. A wild card … Read more
There isn’t a proper https/SSL variant of the link you have given, so probably, likely you are getting problems when enforcing it – no matter how you do it. I strongly assume that is the reason why the “unsecure” URL is used in the first place. From comment: So does this mean it is impossible … Read more
Is the site running on Apache? If so you could put this in your .htaccess file <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L] </IfModule> also if you need SSL in your admin area and login pages put this into wp-config.php define(‘FORCE_SSL_ADMIN’, true); here’s another way that is more generic: RewriteEngine On … Read more
As per OP’s comment: Yes, I have self signed using OpenSSL, now I have the site opening on HTTPS but in browser it still says connection not secure where it is showing HTTPS in the address bar. In that case, it sounds like some links are being called through HTTP while other are being called … Read more
There is no fail proof way to know if the site support https without actually trying to send a request over https to it (wp_get_remote for example). HTTPS traffic can be terminated on a load balancer and the traffic between it and wordpress done over http, therefor it is not obvious you will find any … Read more
There is a feature that you can use in wp-config that relates to disabling plugin and theme updates. You can try it out and see if it helps. define( ‘DISALLOW_FILE_MODS’, true ); You can learn more about this feature in the codex.
Normally you never have to use your domain in your php code for plugins / themes. There are many functions like get_home_url() which automatically fetches the domain from configuration and is also protocol agnostic if you don’t force a protocol via the third parameter $scheme. The function get_home_url() internally uses is_ssl() and the option value … Read more
crt and key files represent both parts of a certificate, key being the private key to the certificate and crt being the signed certificate. It’s only one of the ways to generate certs, another way would be having both inside a pem file or another in a p12 container. You have several ways to generate … Read more
I managed to configure a shared dedicated hosting on a single IP with nginx. Default HTTP and HTTPS serving a 404 for unknown domains incoming. 1 – Create a default zone As nginx is loading vhosts in ascii order, you should create a 00-default file/symbolic link into your /etc/nginx/sites-enabled. 2 – Fill the default zone … Read more