WordPress 将所有 HTTPS 重定向到 HTTP [英] WordPress redirect all HTTPS to HTTP

问题描述

我们有一个 WordPress 站点，并且曾经拥有 SSL 证书.该网站以前都是 HTTPS，现在我们不再需要 SSL，所以我们让它过期.

We have a WordPress site, and used to have an SSL certificate. The site used to be all HTTPS, and now we don't need the SSL anymore so we let it expire.

我们已经将管理面板中的站点地址和WordPress地址更改为http://example.com.

We've already changed the Site Address and WordPress Address in the admin panel to be http://example.com.

我们在野外有几个链接，它们通过 https:// 链接回我们，如果用户使用 https:// 访问该站点，则该站点会中断或者用户在浏览器中收到警告消息.

We have several links out in the wild that link back to us with https:// and if the user accesses the site with https:// the site breaks or the user gets a warning message in their browser.

最重要的是，我们需要将所有 https:// 流量重定向到 http://.

Bottom line, we need to redirect all https:// traffic to http://.

我尝试了几个插件(运气不好):

I tried couple of plugins (no luck):

• https://wordpress.org/plugins/force-non-ssl/
• https://wordpress.org/plugins/wp-force-http/

甚至更改了 .htaccess 文件(仍然没有运气)

and even changed the .htaccess file (still no luck)

<IfModule mod_rewrite.c>
RewriteEngine On

RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]

RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

不确定我还需要做什么.

Not sure what else I need to do.

推荐答案

这里的问题在于，在 Apache 或 WordPress 出现之前，浏览器需要通过 HTTPS 与服务器建立连接，通过连接、执行SSL 握手，交换(和验证)证书，只有在所有这些完成之后，浏览器才会发出 HTTP 请求，告诉服务器它正在寻找什么资源.

The problem here lies with the fact that before Apache or WordPress come in to play, the browser needs to establish a connection with the server over HTTPS by connecting, performing an SSL handshake, exchanging (and verifying) certificates, and only after all that is done, will the browser issue the HTTP request that tells the server what resources it is looking for.

因此，任何 .htaccess 或 WordPress 插件都无法在没有建立安全会话的情况下重定向用户.

Because of that, no .htaccess or WordPress plugin is going to be able to redirect the user without them establishing a secure session.

当然，如果您安装了自签名证书，那么在发生任何这种情况之前，用户都会收到警告.如果您偶然(似乎不是演员)通过 https 发送了 Strict Transport Security 标头，那么以前访问者的浏览器甚至可能不允许他们通过 HTTP 进行连接.

Of course if you install a self-signed certificate, the user is going to be presented with a warning before any of this happens. If you by chance (which doesn't seem to be the cast) had been sending Strict Transport Security headers over https, then previous visitors' browsers may not even allow them to connect over HTTP.

如果您想将 HTTPS 流量重定向到 HTTP，不幸的是，您将必须获得有效证书并使用 .htaccess 或一些 PHP 代码进行重定向.

If you want to redirect HTTPS traffic to HTTP, unfortunately you are going to have to acquire a valid certificate and redirect using .htaccess or some PHP code as you are.

如果您正在寻找大多数浏览器信任且无需付费的证书，您可以从 Let's Encrypt 获取免费证书.

If you're looking for certificates that are trusted by a majority of browsers without paying, you can get a free certificate from Let's Encrypt.

最重要的是，如果您想在没有任何警告消息的情况下将 HTTPS 流量无缝重定向到 HTTP，您需要安装另一个来自受信任 CA 的 SSL 证书.

这篇关于WordPress 将所有 HTTPS 重定向到 HTTP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！