Paid Memberships Pro is typically setup to redirect your checkout page to an HTTPS version of the URL. Any non-checkout page is redirected to an HTTP version of the URL.

If you have the FORCE_SSL_LOGIN or FORCE_SSL_ADMIN constants set in WordPress, PMPro will respect those settings and not redirect your login page to HTTP for instance.

If you have other plugins, themes, or bits of code that redirect other front end pages to or from HTTPS URLs it may conflict with how PMPro is trying to do this. Your site may get caught in an infinite redirect or show a white screen.

When this happens, you need to figure out which plugins are causing the conflict (I’ll try to keep a list of usually suspects at the bottom of this post) and resolve the conflicts by getting the plugins to agree on which URL to serve.

To figure out where the issue is:

  • Disable all plugins and themes, then activate them one by one and/or in pairs to see which ones are conflicting.
  • The Debug-WP-Redirect plugin can sometimes help you find the issue.

Once you’ve found out which pages/plugins/etc are having problems. You can use custom fields and code to override PMPro’s default behavior.

  • You can set the “besecure” custom field to “1” on a post or page. If PMPro sees this, it will make sure that page is loaded over HTTPS. If not (and the page isn’t a checkout, billing update or login page on a FORCE_SSL setup) PMPro will make sure the page is loaded over HTTP.
  • Other plugins have similar custom fields or checkboxes on the edit post page that need to be set to tell that plugin if the page should be served over SSL or not. Be sure that PMPro and all other plugins are on the same page.
  • You can also use the “pmpro_besecure” hook/filter to control if PMPro should serve a page of HTTPS. For example, this gist below will force PMPro to serve all pages over HTTPS.

Or you can use this plugin to completely disable the HTTP/HTTPS redirect. Copy this file into your plugins folder as pmpro-disable-https-redirect.php and activate the plugin.

If you are having trouble resolving an HTTPS/SSL conflict, we can help. If you sign up for our PMPro Membership plan and send us a WordPress admin user/pass and FTP user/pass, we will log into your site and resolve the issue for you.

Here is a list of plugins and themes to be particularly careful with when using PMPro. These are not “bad” plugins any more than PMPro is a bad plugin, they just conflict with PMPro in certain situations when trying to redirect to and from HTTPS URLs.

  • WordPress HTTPS
  • Woo Commerce, Jigoshop, other ecommerce plugins.
  • Other membership plugins.


Comments (8)

Author’s gravatar

I just encountered this issue and this article was very helpful. I do find the redirect behavior very unexpected, maybe this should be something that should based on explicit user configuration only. Because you can encounter redirect loops just based off rewrite rules set by the server (in my case my nginx settings, which are set to direct everything to SSL).

Author’s gravatar

In the more recent versions of the plugin, we only redirect for SSL reasons if you have the setting of the payment settings page set to something other than “No”. It is a tough call. For everyone who runs into issues and has to manually configure the HTTPS redirects, there are a few users who appreciate just being able to say “Yes” and have it redirect to/from HTTPS for them automatically.

Author’s gravatar

After much searching I eventually found the solution to this problem right under my nose.

On the memberships->payment settings page:
Set this:
Force SSL: Yes (with JavaScript redirects)

Recommended: Yes. Try the JavaScript redirects setting if you are having issues with infinite redirect loops.

Author’s gravatar

Yes. In particular that setting will get around issues where server-side proxies (like varnish cache and others) are causing PHP to be confused about whether or not the page is being served over HTTPS. JavaScript gets the benefit of running after the page loads and knows for sure it’s HTTPS and can safely redirect later.

Thanks for posting this. I should add this to the list (the JS feature was added later).

Author’s gravatar

If I purchase a PMPro membership, will someone help me figure out why PMPro is shutting down my WooCommerce checkout?

*When I deactivate PMPro my checkout works fine…

Author’s gravatar

I’m not sure that I understand why enabling pmp’s force SSL also forces everything else to not use SSL. While I can see why it wouldn’t be pmp’s place to force SSL all over, I don’t see why it forcibly redirects all https connections to http, this isn’t what I want at all.

Anyway, I’ve opted for the pmpro_besecure filter you describe. Appears to be working well.

Author’s gravatar

When we redirect the checkout page to the HTTPS version, the links on that page link to HTTPS versions of other pages. So if you click to link back to the homepage, you end up on the HTTPS version of that page. Now there are 2 versions of your homepage linked to on your site, which can cause issues with SEO and other services.

We’ve decided that the most common use case (might be changing as the switch to 100% https seems to be happening soon) is to have the checkout page over HTTPS and other pages over HTTP, so that is what we programmed.

I’m open to suggestions, but that was our logic anyway.


Leave a Reply