SSL Redirect plugin

The SSL Redirect plugin is able to redirect non-secure HTTP-pages to secure HTTPS-pages, and back again. Which pages need to be served through SSL and which not, can be configured through plugin parameters: Per Menu-Item, per component, etcetera.

Software information

License GNU/GPL Price GPL Current version 0.9.1 Download  plg_sslredirect_j15.zip
 plg_sslredirect_j16.zip Requirements - Joomla! 1.5.15 or higher
- Joomla! 1.6.0 or higher
- Joomla! 1.7.0 or higher
- Joomla! 2.5.0 or higher
PHP 5.2.8 or higher

Do you like our software? Why not donate 5 Euro?

Backgrounds

The Joomla! Global Configuration allows you to configure SSL, but if a visitor enters a Joomla! page through non-HTTPS, this visitor is not automatically redirected. Also you can't enable SSL for just some pages, while all other pages are served through regular HTTP.

While the Apache htaccess file can be configured to contain RewriteRules for this, it is much more complicated and error-prawn. This is the main reason why the Yireo SSL Redirect plugin was developed.

Installation

1. To install this plugin, download it from the download-section on this site to your computer.
2. Then install the ZIP file from within the Joomla! Administrator as a regular extension.
3. Next go to the Plugin Manager to enable this system-plugin. It is listed as "System - SSL Redirect".

Usage

The plugin parameters allow you to select Menu-Items for which SSL should work, or components to which SSL should be applied. The plugin automatically applies non-SSL to all other pages. If your Joomla! page is not accessible through a Menu-Item (in other words: there is no Itemid) and the component-parameter is too general, you can still use the textarea Custom pages to add URLs manually. Also included is the option to use SSL for logged-in users.

Webservers with Suhosin might cause problems due to the setting suhosin.session.encrypt set to Yes. This setting prevents sessions from being switched between HTTPS and HTTP.

Help us with your feedback, by adding a review in the Joomla! Extensions Directory.

Troubleshooting SSL mixed content

When a padlock appears in your browsers addressbar (red or green) it shows that SSL is being used, and most likely that this SSL Redirection plugin is working properly. However, when the padlock is red, the browser objects because - while the page itself is loaded over SSL - some of its page-resources (CSS, JavaScript, images) are not. To get a green padlock, you will need to make sure all page-resources are loaded over HTTPS.

When building Joomla! extensions or Joomla! templates, the code should be flexible enough to switch easily between SSL and non-SSL. In its most simple form, the Joomla! Framework code needs to be used to generate links, and hard-coded links (like http:// and https://) should be prevented. If you're not a developer yourself, it's best to ask the original developer to fix this for you.

You can use the Firefox Web Developer Toolbar, Firebug or the Chrome Developer Tools to determine which page-resources are loaded from where. Alternatively, you can just open up the Page Info under Firefox and inspect all resources using the Media-tab. If that's your thing, you can also study the HTML-code. Note that AJAX-links might also cause issues.

More extensions