Paid Memberships Pro is typically setup to redirect your checkout page to an HTTPS version of the URL. Any non-checkout page is redirected to an HTTP version of the URL.

If you have the FORCE_SSL_LOGIN or FORCE_SSL_ADMIN constants set in WordPress, PMPro will respect those settings and not redirect your login page to HTTP for instance.

If you have other plugins, themes, or bits of code that redirect other front end pages to or from HTTPS URLs it may conflict with how PMPro is trying to do this. Also some server setups do not convey the fact that a page load is over SSL in the ways that WP/PMPro is expecting. Your site may get caught in an infinite redirect or show a white screen.

When this happens, one fix you can try is to change the “Force SSL” setting on the Memberships -> Payment Settings page in your dashboard to “Yes (with JavaScript redirects)” and save the settings. Then check if the checkout page is properly redirecting to the HTTPS version without issues.

If things are still not working, you need to figure out which plugins are causing the conflict (I’ll try to keep a list of usually suspects at the bottom of this post) and resolve the conflicts by getting the plugins to agree on which URL to serve.

To figure out where the issue is:

  • Disable all plugins and themes, then activate them one by one and/or in pairs to see which ones are conflicting.
  • The Debug-WP-Redirect plugin can sometimes help you find the issue.

Once you’ve found out which pages/plugins/etc are having problems. You can use custom fields and code to override PMPro’s default behavior.

  • You can set the “besecure” custom field to “1” on a post or page. If PMPro sees this, it will make sure that page is loaded over HTTPS. If not (and the page isn’t a checkout, billing update or login page on a FORCE_SSL setup) PMPro will make sure the page is loaded over HTTP.
  • Other plugins have similar custom fields or checkboxes on the edit post page that need to be set to tell that plugin if the page should be served over SSL or not. Be sure that PMPro and all other plugins are on the same page.
  • You can also use the “pmpro_besecure” hook/filter to control if PMPro should serve a page of HTTPS. For example, this gist below will force PMPro to serve all pages over HTTPS.

Or you can use this plugin to completely disable the HTTP/HTTPS redirect. Copy this file into your plugins folder as pmpro-disable-https-redirect.php and activate the plugin.

If you are having trouble resolving an HTTPS/SSL conflict, we can help. If you sign up for our PMPro Membership plan and send us a WordPress admin user/pass and FTP user/pass, we will log into your site and resolve the issue for you.

Here is a list of plugins and themes to be particularly careful with when using PMPro. These are not “bad” plugins any more than PMPro is a bad plugin, they just conflict with PMPro in certain situations when trying to redirect to and from HTTPS URLs.

  • WordPress HTTPS
  • Woo Commerce, Jigoshop, other ecommerce plugins.
  • Other membership plugins.

 


Comments (29)

Author’s gravatar

I just encountered this issue and this article was very helpful. I do find the redirect behavior very unexpected, maybe this should be something that should based on explicit user configuration only. Because you can encounter redirect loops just based off rewrite rules set by the server (in my case my nginx settings, which are set to direct everything to SSL).

Reply
Author’s gravatar

In the more recent versions of the plugin, we only redirect for SSL reasons if you have the setting of the payment settings page set to something other than “No”. It is a tough call. For everyone who runs into issues and has to manually configure the HTTPS redirects, there are a few users who appreciate just being able to say “Yes” and have it redirect to/from HTTPS for them automatically.

Reply
Author’s gravatar

After much searching I eventually found the solution to this problem right under my nose.

On the memberships->payment settings page:
Set this:
Force SSL: Yes (with JavaScript redirects)

Recommended: Yes. Try the JavaScript redirects setting if you are having issues with infinite redirect loops.

Reply
Author’s gravatar

Yes. In particular that setting will get around issues where server-side proxies (like varnish cache and others) are causing PHP to be confused about whether or not the page is being served over HTTPS. JavaScript gets the benefit of running after the page loads and knows for sure it’s HTTPS and can safely redirect later.

Thanks for posting this. I should add this to the list (the JS feature was added later).

Reply
Author’s gravatar

If I purchase a PMPro membership, will someone help me figure out why PMPro is shutting down my WooCommerce checkout?

*When I deactivate PMPro my checkout works fine…

Reply
Author’s gravatar

I’m not sure that I understand why enabling pmp’s force SSL also forces everything else to not use SSL. While I can see why it wouldn’t be pmp’s place to force SSL all over, I don’t see why it forcibly redirects all https connections to http, this isn’t what I want at all.

Anyway, I’ve opted for the pmpro_besecure filter you describe. Appears to be working well.

Reply
Author’s gravatar

When we redirect the checkout page to the HTTPS version, the links on that page link to HTTPS versions of other pages. So if you click to link back to the homepage, you end up on the HTTPS version of that page. Now there are 2 versions of your homepage linked to on your site, which can cause issues with SEO and other services.

We’ve decided that the most common use case (might be changing as the switch to 100% https seems to be happening soon) is to have the checkout page over HTTPS and other pages over HTTP, so that is what we programmed.

I’m open to suggestions, but that was our logic anyway.

Reply
Author’s gravatar

I recently installed an SSL from WP Engine, and noticed that my checkout and other memberships type pages now show blank content on the website. Is this likely due to the SSL or some other plugin conflict?

I currently have force SSL in PMPro settings set to “No”

Reply
Author’s gravatar

This post by peter barber fixed my issue

After much searching I eventually found the solution to this problem right under my nose.

On the memberships->payment settings page:
Set this:
Force SSL: Yes (with JavaScript redirects)

Recommended: Yes. Try the JavaScript redirects setting if you are having issues with infinite redirect loops.

Reply
Author’s gravatar

Nice. I’m going to update the post. We actually wrote this before we had the “Yes, with JavaScript” option. It can often fix issues like this… mostly issues where the server isn’t conveying the fact that a page load is HTTPS in the way that WP/PMPro is expecting.

Reply
Author’s gravatar

Force SSL: Yes (with JavaScript redirects) solves the issue with checkout when using ancient Safari 5.0.6 on a Mac running Mac OS X 10.5.8 Leopard. Thanks for the tip!

Author’s gravatar

I’m having a problem with Paid Memberships Pro plugin calling images using http instead of https. My whole site is fully secure, except on the memberships pages.

Reply
Author’s gravatar

There are a lot of factors that could contribute to this, but we can diagnose and fix this for you if you create a post in our member forums and include a private reply with the WP admin user/pass and FTP host/user/pass for your site.

Reply

Hello jason , what if we used pmpro woocoommerce add on , that’s give conflict also , and i ‘m little surprised because we found your woocommerce add-on and that add-on very important for our project .. so please tell me if keep payment in woocommerce , and just pmro for create levels , that’s give us big conflict or no thank you

Reply
Author’s gravatar

That shouldn’t be a problem.

RE HTTPS conflicts, since changes early next year will (practically) require you to serve your whole site over HTTPS. Assuming you have an SSL certificate installed and working, I suggest (1) setting the PMPro “force SSL” to false. (2) Changing your “WordPress Address URL” and “Site Address URL” to https://… and (3) Setting WooCommerce to use SSL however they ask you to when your entire site is served over SSL.

Reply
Author’s gravatar

Hello, I activated ‘Force SSL (without JavaScript)’ yesterday and now I can’t access my website at all and I get the error below:

mywebsite.com redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS

Moreover, I’m now locked out of WP entirely. There is no way for me to get to the WordPress Dashboard to debug PMP pro. Can I use FTP to configure PMP pro? How can I fix this? How can I regain access to my WP admin page?

Please help.

Reply
Author’s gravatar

Sorry this happened. If you have your entire site over HTTPS or other plugins controlling which pages are served over HTTPS, the PMPro Force SSL setting can be set to No. To do that via a SQL query try:

UPDATE wp_options SET option_value = 0 WHERE option_name = ‘pmpro_use_ssl’ LIMIT 1;

Make sure to update wp_ if you use a different prefix.

Reply
Author’s gravatar

I’m having the same issue. When running Woo Commerce with PMP, I get the same redirect issues as others. When I set Force SSL to Yes with Javascript, I no longer get error messages from Firefox or Chrome, but instead, the browsers just spin infinitely. When I set Force SSL to No, I am able to access my page (the shopping cart checkout page) as usual. I’m not sure that I want to run PMP with SSL set to No, though?

Reply
Author’s gravatar

It is OK to set “Force SSL” to no – especially if it is causing conflicts with other SSL settings. As long as you are getting the “green padlock” on the Membership Checkout and Membership Billing pages. WooCommerce has its own SSL handling in place so if their checkout pages are loading properly you are good to go.

Reply
Author’s gravatar

My checkout page is totally blank, I’m not sure why this is happening. I have tried it in both test only mode and live. I have tried force SSL both yes and no. I cannot figure out what the problem is, someone please help.

Reply
Author’s gravatar

Good afternoon,

I am having a little bit of trouble with all of this as it seems a little finicky on my site. Since I just purchased and installed an SSL certificate, I’d like to switch gateways from 2Checkout to Stripe. Under Settings > General, my WordPress address and Site address are both ‘https…’.

First, leaving Force SSL as ‘No’ would seemingly be fine, especially since in WooCommerce, force secure checkout is checked for the checkout page and the above settings are ‘https’. But after configuring this way, I found someone could navigate to an unsecured ‘maddashmixes.com’ and enter in credit card details into Stripe on an unsecured page. Below is a rundown of other configurations.

Setting Force SSL to Yes:
Correctly forces the membership checkout page to a secured page, but I cannot navigate to ‘My Account’ page. It redirects me to the ‘Membership Levels’ page.

Setting Force SSL to Yes with JavaScript redirects:
Again, correctly secures the page, but I cannot navigate to ‘My Account’. The page turns white and I am in an infinite loop.

I am a little concerned since I’ve tried all manner of configuration that I know of, but I am sure a setting is wrong. I also tried the debug plugin but haven’t received any output.

Let me know you thoughts.

Thanks

Reply
Author’s gravatar

Good afternoon,

I recently purchased and installed an SSL certificate for my site. Because of this, I’d like to change payment gateways from 2Checkout to Stripe. However, I am experiencing a few problems and the correct settings are elusive to me right now.

First, under Settings > General, both WordPress Address (URL) and Site Address (URL) are set to ‘https…’. Secondly, in WooCommerce, Force secure checkout is checked. Because of these two things, my thinking was that it is okay to leave ‘Force SSL’ in PMPRO to No. However, in testing I found that a customer could navigate to ‘http://www.maddashmixes.com’, go to the membership checkout and enter credit card details into Stripe on an unsecured page. For this reason, I do not think it would be wise to leave it No right now. Below is a rundown of other configurations.

Setting Force SSL to Yes:
The membership checkout page is secured, but I cannot navigate to the ‘My Account’ page, it redirects me to the ‘Membership Levels’ page (I am logged in as a member).

Setting Force SSL to Yes with JavaScript redirects:
Again, the checkout page is properly secured, but I still cannot navigate to the ‘My Account’ page. The screen turns white and I am in an infinite loop that never loads.

I am unsure what to do at this point, but I am sure some configuration on my end is wrong somewhere. I have also installed the debug plugin but have not received any output when testing.

Please let me know your thoughts.

Thank you!

Reply
Author’s gravatar

If your site URL and home URL are set with HTTPS, then WP should force the site to load on the https version of the URL. Check your .htaccess file for rewrite rules around http/https as well. If PMPro detects that your site is over HTTPS, it should actually ignore the force ssl setting for us. But no is a good way to go.

Something like this can be used in the htaccess to force HTTPS as well. https://gist.github.com/strangerstudios/3899491912d5e612e4d379806b07b63a

It might cause redirect loops if something is still trying to redirect to non-https on your site. We can usually find these quickly if you post to the member forums and include a private reply with access and FTP access to your site.

Reply
Author’s gravatar

Hi, sorry for the double-post and thanks for the quick reply! First, the link you posted seemingly works, but in my case, if a user types in their URL “maddashmixes.com”, it will not direct them to the site because it is expecting “https://maddashmixes.com”. The latter will direct them to the site while the former will not do anything in the browser. I played around with .htaccess and eventually landed on a configuration that I believe works correctly.

1. I added two lines to .htaccess:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://maddashmixes.com/$1 [R=301,L]
2. Force SSL in WooCommerce is Yes
3. Force SSL in PMPro is No
4. SSL settings in Settings > General are HTTPS (mentioned in above post)

I also tested Stipe as a payment gateway and it is working correctly. The only potential hazard I see is that even though every page will now convert to HTTPS, if a user manually changes the URL from HTTPS to HTTP in the URL and hits enter, the website will accept that and present the page in an unsecured format. Is this normal/acceptable behavior? Should I even be worried about people doing that?

Thanks especially for the .htaccess info, I had no idea about changing that file.

Author’s gravatar

Your two lines for the htaccess code should do that redirect from the non-http to the https URL. There are a couple reasons it might not.

(1) Maybe your server isn’t actually reading the htaccess file. Try adding break; to the top of it and see if it breaks your site. (Then remove that to fix it.)

(2) Those two lines should be near the top of the htaccess file. If the regular WP htaccess code is above it, it might halt the execution of the rules after identifying the WP file to load. It should be above all other rules but below the “RewriteEngine On” and “RewriteBase /” lines.

Hope this helps.

Author’s gravatar

My problem is that when I add more than 3 membership levels my website crashes… “Error Too many redirects”.

Any suggestions?

Reply
Author’s gravatar

Do you have a levels page set in the page settings? We fixed a bug with this in the version coming out soon.

Reply

Leave a Reply