Wordpress admin stuck in https, how to turn it off?

Question

The admin side of my wordpress site is stuck in HTTPS and very slow as a result. I am trying to set the admin to HTTP. Here is my setup and what I've tried so far.

Godaddy VPS with Godaddy SSL certificate
In wp-config.php I have: define( 'FORCE_SSL_ADMIN', false );
Tried installing the wordpress-https plugin. The admin https checkbox is greyed out / disabled. Here are the settings on that plugin.
Check httpd.conf and htaccess files for any rewrites - none found.
Server does have Vernish installed - asked Godaddy support to check for any relevant configs in Varnish. None found.
I have tried commenting out code in wp-includes/functions.php based on suggestion here (see comment by user joelbair).
I always flush caches, and sometimes reboot the VPS completely after making changes.

Any suggestions? Could it be related to SSL signing certificates or how SSL was installed on the server initially?

score 5 · Answer 1 · answered Nov 30 '14 at 18:51

5

Was the HTTPS server sending the Strict-Transport-Security header? If so, your browser received instructions to always use HTTPS version of the site. Try opening the HTTP version in another browser, or try clearing your browser cache in an attempt to remove that header's control.

answered Nov 30 '14 at 18:51

anthumchris

8,245
2
28
53

Tried with a different browser, and the redirect to https still in effect. Where would I check about `Strict-Transport-Security`? – ted.strauss Nov 30 '14 at 19:29
You can use Google Chrome dev tools to inspect the server's response headers. http://stackoverflow.com/questions/4423061/view-http-headers-in-google-chrome. – anthumchris Nov 30 '14 at 19:40
So, only url /wp-admin is redirecting to HTTPS but not root url /? In that case, `Strict-Transport-Security` is a non-issue, because that header affects the entire site. Check the `.htaccess` file for any rewrite rules on wp-admin urls – anthumchris Nov 30 '14 at 19:43
As noted about that was one of the first things I did. Are there any other files that perform rewrites like htaccess? Any way to debug that? The apache logs show that URLs are rewritten but not the origin of those rewrites – ted.strauss Nov 30 '14 at 19:48
It's hard to say without actually seeing the URL and responses. What's the URL? – anthumchris Nov 30 '14 at 19:51
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/65913/discussion-between-ted-strauss-and-chris). – ted.strauss Nov 30 '14 at 20:04
The redirect from HTTP to HTTPS happens in WordPress, and not from Apache, because of URL `wp-login.php?redirect_to=https%3A%2F%2Fchicmarie.com%2Fwp-admin%2F&reauth=1`. All efforts should focus on identifying the culprit in PHP files and unsetting/disabling it. – anthumchris Nov 30 '14 at 20:08

score -1 · Answer 2 · answered Nov 30 '14 at 22:57

-1

Install WordPress Force HTTPS plugin.
Change you're WordPress Address (URL) and Site Address (URL) in General Setting to https://yoursite.domain
Clear browser cache

No configuration needed.

answered Nov 30 '14 at 22:57

mitchell

11
1

I get stuck on https://wordpress.org/support/plugin/wordpress-https , so I guest you try another plugins – mitchell Dec 01 '14 at 14:43

Wordpress admin stuck in https, how to turn it off?

2 Answers2