WordPress将所有HTTPS重定向到HTTP [英] WordPress redirect all HTTPS to HTTP

问题描述

我们有一个WordPress网站，并且曾经拥有SSL证书。
该站点以前都是HTTPS，现在我们不再需要SSL，因此我们让它过期。

We have a WordPress site, and used to have an SSL certificate. The site used to be all HTTPS, and now we don't need the SSL anymore so we let it expire.

我们已经更改了<在管理面板中将em>站点地址和 WordPress地址设置为 http://example.com 。

We've already changed the Site Address and WordPress Address in the admin panel to be http://example.com.

我们在野外有几个链接，可以通过 https：// 链接回我们，如果用户使用 https：// 网站中断或用户在浏览器中收到警告消息。

We have several links out in the wild that link back to us with https:// and if the user accesses the site with https:// the site breaks or the user gets a warning message in their browser.

底线，我们需要将所有 https：// 流量重定向到 http：// 。

Bottom line, we need to redirect all https:// traffic to http://.

我尝试了几个插件（没有运气）：

I tried couple of plugins (no luck):

• https://wordpress.org/plugins/force-non-ssl/


• https://wordpress.org/plugins/wp-force-http/

• https://wordpress.org/plugins/force-non-ssl/
• https://wordpress.org/plugins/wp-force-http/

甚至更改了t他 .htaccess 文件（仍然没有运气）

and even changed the .htaccess file (still no luck)

<IfModule mod_rewrite.c>
RewriteEngine On

RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]

RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

不确定我还需要做什么。

Not sure what else I need to do.

推荐答案

这里的问题在于，在使用Apache或WordPress之前，浏览器需要通过连接，执行SSL握手，通过HTTPS与服务器建立连接，交换（和验证）证书，并且只有在完成所有这些操作之后，浏览器才会发出HTTP请求，该请求告诉服务器它正在寻找什么资源。

The problem here lies with the fact that before Apache or WordPress come in to play, the browser needs to establish a connection with the server over HTTPS by connecting, performing an SSL handshake, exchanging (and verifying) certificates, and only after all that is done, will the browser issue the HTTP request that tells the server what resources it is looking for.

那，没有他们的.htaccess或WordPress插件就无法重定向用户，而无需他们建立安全的会话。

Because of that, no .htaccess or WordPress plugin is going to be able to redirect the user without them establishing a secure session.

当然，如果您安装了自签名证书，在发生任何此类情况之前，将向用户显示警告。如果您是偶然的（似乎不是演员）曾经通过https发送严格传输安全标头，那么以前的访问者的浏览器甚至可能不允许他们通过HTTP连接。

Of course if you install a self-signed certificate, the user is going to be presented with a warning before any of this happens. If you by chance (which doesn't seem to be the cast) had been sending Strict Transport Security headers over https, then previous visitors' browsers may not even allow them to connect over HTTP.

如果要将HTTPS流量重定向到HTTP，不幸的是，您将必须获取有效证书并使用.htaccess或某些PHP代码进行重定向。

If you want to redirect HTTPS traffic to HTTP, unfortunately you are going to have to acquire a valid certificate and redirect using .htaccess or some PHP code as you are.

如果您要查找大多数浏览器信任的证书而无需付费，则可以从加密。

If you're looking for certificates that are trusted by a majority of browsers without paying, you can get a free certificate from Let's Encrypt.

最重要的是，如果您想将HTTPS通信无缝重定向到HTTP而没有任何警告消息，则需要安装另一个SSL证书来自受信任的CA。

这篇关于WordPress将所有HTTPS重定向到HTTP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！