Currently have W3 Total Cache Installed on a WordPress Installation. The entire site is https:// enabled, however occasionally the cache grabs a page that is sourced from http://. This cached page includes references to JS and CSS files that are also sourced from http, and when the cached page is loaded over https, these assets fail to load.
Anyone know how to keep this plugin from caching non-secure content?
You can not disable caching of http requests in W3 Total Cache. Only caching of https requests can be enabled/disabled, at Page Cache | General | Cache SSL (https) requests checkbox. So, I guess you should try to solve this problem by other means.
If your entire installation is configured for https and http requests are totally undesirable, add the following lines to your WordPress .htaccess file:
# **************************************************************************
# Redirect HTTP to HTTPS
# **************************************************************************
RewriteCond %{HTTPS} =off
RewriteCond %{REQUEST_URI} ^(.*)$ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=temporary,L]
The code above will redirect all HTTP requests to their equivalents in HTTPS protocol. This way, WordPress will never produce any insecure page and, as a consequence, W3 Total Cache will not put in its cache this sort of page.
By the way: the use of "temporary" instead of "permanent" in the code is proposital: it aims to avoid a terrible problem involving browser caches when, for any reason, you have to return to http requests (an expired certificate, etc.) - see 301 Redirects: The Horror That Cannot Be Uncached and How long do browsers cache HTTP 301s?
