How to force the admin-ajax.php file to load over HTTPS?

I have a site that I've recently put 100% behind HTTPS. All assets on the front end and the back end are successfully being called over HTTPS, except admin-ajax.php.

This is causing any functionality that depends on the file to fail, including but not limited to CF7, Elementor and other Forms that use AJAX submission, etc.

The error I get, which you can see in the screenshot, is "Mixed Content: The page at 'https://toursoft.co/contact-us/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://toursoft.co/wp-admin/admin-ajax.php'. This request has been blocked; the content must be served over HTTPS."

Here is what I've done so far to try to solve the issue.

1) Try everything at https://codex.wordpress.org/Administration_Over_SSL including define('FORCE_SSL_ADMIN', true). Even though these are loading the wp-admin/admin-ajax.php file, this is happening from the front end.

2) Added the following to my Apache config:

SetEnvIf X-Forwarded-Proto https HTTPS
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

3) Use wp-cli to do a complete search and replace:

sudo -u www-data wp search-replace 'http://toursoft.co' 'https://toursoft.co' --network

This replaced 151 items, even in the GUID column, which is highly advised against by WordPress. But it did not work. 0 instances of http:// remain in the database.

4) Verified that site_url and home options correctly point to https://

Investigating the JavaScript code that causes the error shows that the code seems to be correctly calling the 'ajaxUrl' variable. This variable should hold the https:// version of the file, right?

jQuery.ajax({
    url: t.getSettings("ajaxUrl"),
    type: "POST",
    dataType: "json",
    data: t.getFormData(),
    processData: !1,
    contentType: !1,
    success: t.onSuccess,
    error: t.onError
})

The ajaxUrl variable is only returning the http version of the script. How else can I investigate this and ultimately fix it so that it loads over https?



If you are using the Domain Mapping plugin, doing this will quickly achieve exactly what you are asking for.

  1. Go to: YOURDOMAIN/wp-admin/tools.php?page=domainmapping

  2. Under: Excluded pages, check: Force SSL for all pages.

  3. Save and you're done.

Your insecure mixed content error due to admin-ajax.php loading via http instead of via https should be gone after this.
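
One way to investigate where the http:// value of 'ajaxUrl' in the question comes from, as an added example that is not part of the original question or answer: scan the saved page source for http:// URLs in inline script configuration, including the JSON-escaped form `http:\/\/` that WordPress emits. The sample HTML, the host example.test and the object names exampleFormConfig and otherConfig are constructed for illustration.

```javascript
// Constructed sample of a rendered page; String.raw keeps the JSON-escaped "\/" intact.
const SAMPLE_HTML = String.raw`<html><head>
<script src="https://example.test/wp-includes/js/jquery/jquery.js"></script>
<script>var exampleFormConfig = {"ajaxUrl":"http:\/\/example.test\/wp-admin\/admin-ajax.php","nonce":"abc123"};</script>
<script>var otherConfig = {"home":"https:\/\/example.test\/","cdn":"http://cdn.example.net/x.js"};</script>
</head><body></body></html>`;

// Returns every "key":"http://..." pair found in inline scripts, with the
// name of the first JS variable declared in that script (the likely owner)
// and whether the URL targets the same host as the HTTPS page.
function findInsecureUrls(html, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const findings = [];
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  for (const [, body] of html.matchAll(scriptRe)) {
    if (!body.trim()) continue; // external script: nothing inline to inspect
    // Undo JSON slash escaping so http:\/\/ and http:// are treated alike.
    const text = body.replace(/\\\//g, "/");
    const owner =
      (text.match(/\bvar\s+([A-Za-z_$][\w$]*)\s*=/) || [])[1] || "(unknown)";
    const pairRe = /"([^"]+)"\s*:\s*"(http:\/\/[^"]+)"/g;
    for (const [, key, url] of text.matchAll(pairRe)) {
      findings.push({
        owner,
        key,
        url,
        sameHost: new URL(url).hostname === pageHost,
      });
    }
  }
  return findings;
}

// Same-host findings are the ones the browser blocks as mixed-content XHR.
for (const f of findInsecureUrls(SAMPLE_HTML, "https://example.test/contact-us/")) {
  console.log(`${f.sameHost ? "BLOCKED" : "other  "} ${f.owner}.${f.key} -> ${f.url}`);
}
```

The owner name shows which script's configuration object carries the http:// URL, which narrows the search to the plugin or theme that generated it.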
