WordPress 将所有 HTTPS 重定向到 HTTP
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/32855861/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
WordPress redirect all HTTPS to HTTP
提问by user1251762
We have a WordPress site, and used to have an SSL certificate. The site used to be all HTTPS, and now we don't need the SSL anymore so we let it expire.
我们有一个 WordPress 站点,并且曾经拥有 SSL 证书。该站点以前都是 HTTPS,现在我们不再需要 SSL,因此我们让它过期。
We've already changed the Site Addressand WordPress Addressin the admin panel to be http://example.com.
我们已经将管理面板中的站点地址和WordPress 地址更改为http://example.com.
We have several links out in the wild that link back to us with https://and if the user accesses the site with https://the site breaks or the user gets a warning message in their browser.
https://如果用户访问该站点时https://站点中断,或者用户在其浏览器中收到警告消息,我们会在野外提供多个链接,这些链接会返回给我们。
Bottom line, we need to redirect all https://traffic to http://.
最重要的是,我们需要将所有https://流量重定向到http://.
I tried couple of plugins (no luck):
我尝试了几个插件(运气不好):
and even changed the .htaccessfile (still no luck)
甚至更改了.htaccess文件(仍然没有运气)
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://%{HTTP_HOST}/ [R=301,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Not sure what else I need to do.
不知道我还需要做什么。
回答by drew010
The problem here lies with the fact that before Apache or WordPress come in to play, the browser needs to establish a connection with the server over HTTPS by connecting, performing an SSL handshake, exchanging (and verifying) certificates, and only after all that is done, will the browser issue the HTTP request that tells the server what resources it is looking for.
这里的问题在于,在 Apache 或 WordPress 发挥作用之前,浏览器需要通过连接、执行 SSL 握手、交换(和验证)证书来通过 HTTPS 与服务器建立连接,并且只有在所有这些之后完成后,浏览器是否会发出 HTTP 请求,告诉服务器它正在寻找哪些资源。
Because of that, no .htaccess or WordPress plugin is going to be able to redirect the user without them establishing a secure session.
因此,没有 .htaccess 或 WordPress 插件将能够在没有建立安全会话的情况下重定向用户。
Of course if you install a self-signed certificate, the user is going to be presented with a warning before any of this happens. If you by chance (which doesn't seem to be the cast) had been sending Strict Transport Security headers over https, then previous visitors' browsers may not even allow them to connect over HTTP.
当然,如果您安装了自签名证书,则在发生任何这种情况之前,用户都会收到警告。如果您偶然(似乎不是演员)一直通过 https 发送严格的传输安全标头,那么以前访问者的浏览器甚至可能不允许他们通过 HTTP 连接。
If you want to redirect HTTPS traffic to HTTP, unfortunately you are going to have to acquire a valid certificate and redirect using .htaccess or some PHP code as you are.
如果您想将 HTTPS 流量重定向到 HTTP,不幸的是,您将必须获得有效证书并使用 .htaccess 或一些 PHP 代码进行重定向。
If you're looking for certificates that are trusted by a majority of browsers without paying, you can get a free certificate from Let's Encrypt.
如果您正在寻找大多数浏览器信任且无需付费的证书,您可以从Let's Encrypt获取免费证书。
Bottom line, if you want to seamlessly redirect HTTPS traffic to HTTP without any warning messages, you need to install another SSL certificate from a trusted CA.
最重要的是,如果您想在没有任何警告消息的情况下将 HTTPS 流量无缝重定向到 HTTP,您需要从受信任的 CA 安装另一个 SSL 证书。
回答by Higher Coding
Here is an alternative solution you can use if you don't want to edit .htaccess:
如果您不想编辑,可以使用以下替代解决方案.htaccess:
add_action( 'template_redirect', 'nonhttps_template_redirect', 1 );
function nonhttps_template_redirect() {
if ( is_ssl() && !is_admin() ) {
if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
wp_redirect( preg_replace( '|^https://|', 'http://', $_SERVER['REQUEST_URI'] ), 301 );
exit();
} else {
wp_redirect( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );
exit();
}
}
}
You can place this at the bottom of your theme functions.php
你可以把它放在你主题的底部 functions.php
回答by Kyle Vassella
Expanding on @HigherCoding 's answer and @MrWhite 's comment, to get a PHP function to do this on a site where the httpsport exists but the ssl certification is invalid, expired or non-existent:
扩展@HigherCoding 的回答和@MrWhite 的评论,在https端口存在但ssl 证书无效、过期或不存在的站点上获得一个PHP 函数来执行此操作:
function shapeSpace_check_https() {
if ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443) {
return true;
}
return false;
}
function bhww_ssl_template_redirect() {
if ( shapeSpace_check_https() ) {
if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
wp_redirect( preg_replace( '|^(https://)|', 'http://', $_SERVER['REQUEST_URI'] ), 301 );
exit();
} else {
wp_redirect( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );
exit();
}
}
}
add_action( 'template_redirect', 'bhww_ssl_template_redirect');
This worked on my site in functions.phpand was a combination of these two sources: Source 1and Source 2.
这在我的网站上有效functions.php并且是这两个来源的组合:Source 1和Source 2。
As @drew010 pointed out - this will still not prevent a scary prompt for users who type in httpsas part of your URL. But it will redirect them to httpif they happen to click through the scary prompt, which is unlikely. It seems that getting an SSL certificate is likely the best option for this reason, for general security and for increased Google ranking now & in the future.
正如@drew010 指出的那样 - 这仍然不会阻止https作为 URL 一部分输入的用户的可怕提示。但是,http如果他们碰巧点击可怕的提示,它会将他们重定向到,这是不太可能的。出于这个原因,获得 SSL 证书似乎是最好的选择,无论是为了一般的安全性,还是为了提高现在和未来的 Google 排名。
回答by Mr Oscah
The htaccess way is simple especially if you don't have access to admin area in WordPress.
htaccess 方法很简单,特别是如果您无权访问 WordPress 中的管理区域。
Just paste this below RewriteCond %{HTTPS} on
只需将其粘贴到 RewriteCond %{HTTPS} 下面
RewriteRule (.*) HTTP://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
回答by Mongo
This disables https completely
这将完全禁用 https
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
</IfModule>
This leaves The HTTPS enabled and then uses server VARIABLES to redirect all pages to HTTP:
这将启用 HTTPS,然后使用服务器变量将所有页面重定向到 HTTP:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>
Hope this helps you....
希望这对你有帮助......
