Members redirects to a http url

Members 2 posts 2 voices

  1. Hi

    I have a fully private website with members (together with Profile builder which I deactivated).
    This site is now in https.
    if a user types https://domain.com, she is redirected correctly to https://domain.com/wp-login.php?redirect_to=https%3A%2F%2Fdomain.com%2F&reauth=1

    But if the user only type domain.com, she is redirected to a http url (https://domain.com/wp-login.php?redirect_to=http%3A%2F%2Fdomain.com%2F&reauth=1) and the user can’t login without adding an “s” to the redirection (which most users won’t do!).

    I’ve looked in the Members code and the redirection seems to be done in functions-private-site.php with auth_redirect();.
    And when I look into the WordPress code (https://core.trac.wordpress.org/browser/tags/4.5.3/src/wp-includes/pluggable.php#L0) I see that it should redirect to https when .

    What am I missing ?

    In my .htaccess, I have this (but the problem is the same if it’s not there) :

    RewriteCond %{THE_REQUEST} ^[A-Z]{3,9} /(.*) HTTP/ [NC]
    RewriteCond %{HTTPS} !=on [NC]
    RewriteRule ^/?(wp-admin/|wp-login.php) https://%{HTTP_HOST}%{REQUEST_URI}%{QUERY_STRING} [R=301,QSA,L]

    and the wp-config.php contains
    define( 'FORCE_SSL_ADMIN', true );

    Thanks !
    Anne-Laure

  2. Yep, Members just uses the core WP auth_redirect(), so that should work.

    My best guess is that you might have another plugin (or theme) that’s filtering this somewhere. I’d begin disabling all other plugins to see if it corrects the issue.