wordpress blog hosted with openshift security issue - openshift

I have hosted my wordpress blog with openshift. I have a custom domain yourtechchick.com which is mapped to Cname your-techchick.rhcloud.com .
I am using the basic plan and can not upload custom SSL certificate.
How do I redirect https to http so that user never actually has to see security risk or no security certificate risk?
I tried editing .htaccess to redirect http to https but it gives too many redirects or redirect loop in that case.
How do I fix this?

You need to edit your wp-config.php file. You can edit it from the wp dashboard or through ftp.
Find the line that says:
define( 'force_SSL', true );
Change "true" to "false" and save it.
This will disable HTTPS.

Related

Google Chrome: how to bypass SSL check for develop purpose

I need to test a web application on localhost with a custom domain name es: my.domain.com using the HTTPS protocol (I'm using self signed certs).
I've setup a vhost in my httpd.conf and added an entry to my /etc/hosts file
127.0.0.1 my.domain.com
But Google Chrome block with an ERR_SSL_PROTOCOL_ERROR "this site can't provide a secure connection".
I tried to disable the security checks into the Chrome settings but nothing changed still got the ERR_SSL_PROTOCOL_ERROR problem.
Is it possibile to bypass this thing for develop purpose only?
Important: I can't change my domain name because of settings in order to make a Single Sign On works
Thanks

HTTPS migration

I recently migrated a website to HTTPS using an AutoSSL tool on bluehost. I see some distortions in the content like missing background colors, table displacements, missing_logos etc.
Does anyone know how styling can get effected with HTTPS migration effect?
If you access a website using HTTPS, the browser will block resource requests using HTTP. You should load all resources securely over HTTPS.
You can edit .htaccess file. And to migrate your traffic from HTTP to HTTPS, you require a redirect rule.
So, it's obvious to use .htaccess. I hope you know how to edit such a file.
I will suggest you check this Article How to Force SSL and Manage the non-SSL Page Using cPanel

wordpress homepage both http and https set default as https

Is there a way to allow access to http:// and https:// on the HOMEPAGE of wordpress site? the default should be https://. So when I type example.com it should redirect to https://example.com but when I enter http://example.com it should not redirect to any link and just use the http version. All links to the images inside the pages should be https://
I have a UC SSL certificate from godaddy
If you want to use just https without any SSL then browsers may often identify you as malware it is recomended not to use this work, but if you are insisting on your decision, so you can edit your .htaccess file and tell which urls you want to be https and which you dont want.and you should change your port thats not easy work...
Again i suggest you not to use this work, cause useing https and http without any ssl is not useful...
Good luck

Can we re-direct to our application if an external url is hit

I am using go-gin and its html template rendering engine but this question is generic. My application has a login page at https://localhost:8080/login. I use a third-party url in my application which re-directs me to another url. (eg:https://example.com). How can I force redirect to https://localhost:8080/login if https://example.com is hit?
External URLs (links to a site from outside your server) can not be redirected to localhost.
You have to use your server IP instead of https://localhost:8080 or map example.com to your localhost. Mapping from your domain to your localhost
Update DNS records for example.com
Inside your go-gin application set router to redirect to /login by HTTP referer or some other way.

SSL and FTP url on HTML file with username and password

I have a doubt with one request/response across Web Browser and Server with SSL Certificate. Please, imagine the following case (similar question here):
I want that the server, response a HTML to the user (in his/her browser) with access to one file in the FTP, for example:
Download file
In this case, accessing with Anonymous user not generate any problem to access to this file, but if the user has a access with username and password, put this on HTML, it will not be very secure, example:
Download file
I want to prevent that this response with this username and password tag between the server and the user would be catched by "Someone" and get the Username and Password of the user.
The SSL certificate can solved this? Or the best way to do this is create a directory with username and password only with read properties?
Yes, SSL will make it more secure because your communication with the server will be encrypted. It is even better if you have a web server (an API endpoint for instance) receiving the requests from your frontend, contacting the FTP server, getting the file, and responding back with it. This way, the frontend does not need to know about the FTP server. Another good idea is to hash the password before sending it.
Serving the page containing the passwords with SSL (i.e. HTTPS) helps to protect the passwords inside the page. But, the links you provide are for FTP sites and the passwords will be sent unprotected if the user follows the FTP link since ftp:// itself does not use SSL. While there is FTP with SSL (FTPS) it is not commonly implemented in the browsers so you cannot use it. The best would be to serve the files with HTTPS too instead of FTP.