## How can I force admin-ajax.php to load over SSL / HTTPS?

Question

I have a site that I’ve recently put 100% behind HTTPS. All assets on the front end and the back end are successfully being called over HTTPS, except admin-ajax.php.

This is causing any functionality that depends on the file to fail, including but not limited to CF7, Elementor and other Forms that use AJAX submission, etc.

The error I get, which you can see in the screenshot is “Mixed Content: The page at ‘https://toursoft.co/contact-us/‘ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘http://toursoft.co/wp-admin/admin-ajax.php‘. This request has been blocked; the content must be served over HTTPS.”

here is what I’ve done so far to try to solve the issue.

2) Added the following to my apache config:

SetEnvIf X-Forwarded-Proto https HTTPS
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/\$1 [R,L]


3) use wp-cli to do a complete search and replace

sudo -u www-data wp search-replace 'http://toursoft.co' 'https://toursoft.co' --network


This replaced 151 items, even in the GUID column, which is highly advised against by WordPress. But it did not work. 0 instances of http:// remain in the database

4) Verified that site_url and home options correctly point to https://

Investigating the javascript code that causes the error shows that the code seems to be correctly calling ‘ajaxUrl’ variable. This variable should hold the https:// version of the file, right?

jQuery.ajax({
url: t.getSettings("ajaxUrl"),
type: "POST",
dataType: "json",
data: t.getFormData(),
processData: !1,
contentType: !1,
success: t.onSuccess,
error: t.onError
})


The ajaxUrl variable is only returning the http version of the script. How else can I investigate this and ultimately fix it so that it loads over https?

0
2 years 2020-01-11T08:38:43-05:00 0 Answers 83 views 0