Long live HTTPS!

HTTPS encrypted connection

I’ve started from the scratch and get rid of blog sub-folder.

BACKUP PLAN: FORMAT C:\

Then I’ve tried to add again the http to https redirect in .htaccess and got the server unavailable error from CloudFlare. This is because Altervista hosting server was not presenting to CloudFlare any certificates. Soooo… screw redirect, if you want to browse in http, for now, I’ll not force you to go https. Let’s concentrate on flawless https experience by fixing ‘Mixed content’ warning.

MIXED CONTENT

occurs when initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection.

Again several solutions:

  • Using the CloudFlare http to https redirect was kinda working, but post featured image was still loaded over http.
  • Finding all http occurrences and replacing with https in entire WordPress source code was again kinda working, but post featured image and add plugin preview frame were still loaded over http. Also, each time when a new version of WordPress came out I need to do update manually, so go back to pristine source code.
  • Using a http to https plugin was kinda working, but external links, like one to gravatar avatar, was still loaded over http. Easily fixed by adding another replace in plugin source, but still kinda hacky.

In extremis I’ve tried the simplest solution: set the WordPress Address (URL) and Site Address (URL) to https://… and it worked! No more ‘Mixed content’ warning! And with added benefit of automatic redirect from http to https!

CONCLUSION

If you deal with a free hosting, don’t overthink and do the simplest thing you can. Otherwise, you get in troubles that you can’t debug and loose your precious time.
If you want to tweak all parameters at your will, get yourself a virtual server, or at least a paid hosting with a good reputation and many personalization options.