Changing from http to https - issues

Hi,

Looking for some help.

I have a site that is using S2member and it works well. I recently had to add additional user roles so uploaded the plugin capability manager and added some “author” roles and again everything was working well.

I have now tried to update the site to https using the following steps:

  1. bought and installed an SSL certificate
  2. changed the site and WordPress URLs to https
  3. Having done this people using a login for the author role couldn’t login.
    This appeared to be an issue with S2member Login welcome page which is set to a special redirection URL which was using http. I changed this to https.
  4. I also set the always redirect non-administrative users (after login) using http to “No”
  5. I then tried to change the URL for the logo image and the URL on the S2member settings for the customised login page.

Everything appeared to be OK until I tried to log out and couldn’t (kept me logged in) and the wp-login.php page states “Forbidden you do cannot access this page”.

I eventually disabled S2member via FTP and got the site running again by changing everything back to http.

I’m not sure if one or more than one of the steps above caused the 403 Forbidden error but before I start again I am looking for some help to ensure I’m taking the right steps and not missing anything.

Can someone advise as to how to make the change?

Thanks,

Elaine

Are you saying that only the Users with the Author role could not log in? I don’t understand why having a Special Redirection URI set to HTTP rather than HTTPS would only affect a subset of Users.

In any case, I make these changes one step at a time, testing thoroughly after each change.

  1. Change always redirect non-administrative users (after login) using HTTP to “No”. Make sure all Users can log in and are redirected appropriately.
  2. Add the Authors capability/role. Test not only the Authors’ abilities to log in and access the correct areas of the sites, but normal Members and Administrators as well.
  3. Test the site with HTTPS-enabled.
  4. If all goes well with step 3, change the URL and Logo Image (I’m assuming you were changing these to an HTTPS url?). Make sure everything still works for all Users.
  5. Enforce SSL. Again test all Users.

Hi Pat,

Thanks for your comments.

Re: was it just authors role
At the point in my timeline yes. I believed this was to do with the S2member Login welcome page which is set to a special redirection URL which was using http. I changed this to https and authors could login again. Authors don’t have an S2member level and on login the site was sending them to Level 4. I could login as an admin.

Should the S2member Login welcome page be changed to https?

The Authors role and logins are already setup for a number of people - is this going to cause an issue?

When you say:

  1. Test the site with HTTPS enabled.
    Do you mean change the site and WordPress URL under settings?

  2. Enforce SSL.
    Do you mean add code to htaccess file?

Thanks,

Elaine

Do you have an s2Member Level you could assign the Author’s role? This is correct behavior even though it is not what you want.

EVERYTHING should be changed to HTTPS after you’ve tested that the site works in HTTPS. You should not have to change it separately.

Since they don’t have an s2Member Level, that may indeed cause an issue since your special redirection URIs are based on Membership Level.

  1. Test the site with HTTPS enabled.

Yes.

Take a look at this article for the proper way to enforce SSL with WordPress. https://premium.wpmudev.org/blog/ssl-https-wordpress/

I understand this is a hassle, but keep in mind that at some point in 2017 WordPress is going to require SSL in order for WordPress to function.
