I have a WordPress install using a Comodo SSL certificate. I have the WordPress HTTPS plugin installed and I’m using the AZ theme, and the admin is set to load over HTTPS. So far so good.
On the theme customizer, I get a perpetual loading icon (not to be confused with a WSOD). The AJAX call that brings back the homepage content is empty, save for the WP_CUSTOMIZER_SIGNATURE token. That is all the response includes. When I disable the WordPress HTTPS plugin (or otherwise disable loading the admin over SSL), the customizer works great. Disabling/enabling other plugins has no effect. This occurs with the stock Twenty Fifteen theme as well (pictured below).
Here is a screenshot of what I’m seeing in Firebug (and is reproducible across browsers, as well as on Browserstack VMs):
In case it’s relevant, the site is hosted on a DigitalOcean droplet, using ServerPilot. I have other WordPress sites hosted on the same droplet, and the other SSL-enabled one exhibits the same behavior. ModSecurity is not installed, to my knowledge, and I’m getting a 200 status code so I don’t think it’s this issue.
Also, the SHA-1 messaging appears to be a false positive, so far as I can tell (and I don’t think Firefox is yet at the point of blocking content based on SHA-1 usage anyhow?). I don’t think it’s zlib.output_compression bug either, as I have turned it off explicitly to test, and attempted the fix listed in that ticket, which didn’t work.
I haven’t found anything that quite matches my problem, which makes me think there is something stupid I have overlooked. Any help is greatly appreciated, and please let me know what additional information may be helpful.
2 s
Based on your question, I assume this is the plugin you are using to enable SSL: WordPress HTTPS.
Considering that the plugin hasn’t been updated in two years and their support questions haven’t been resolved, there may be some compatibility issues with the latest version of WordPress (4.6 at the time of this writing). My recommendation to make sure your website’s URL is running HTTPS everywhere.
THis can be done by executing the following SQL query in your database (phpMyAdmin):
UPDATE wp_options SET option_value = replace(option_value, 'HTTP_URL', 'HTTPS_URL') WHERE option_name="home" OR option_name="siteurl";
UPDATE wp_posts SET guid = replace(guid, 'HTTP_URL','HTTPS_URL');
UPDATE wp_posts SET post_content = replace(post_content, 'HTTP_URL', 'HTTPS_URL');
UPDATE wp_postmeta SET meta_value = replace(meta_value,'HTTP_URL','HTTPS_URL');
Replace the values with the following:
HTTP_URL> your HTTP link (http://some.site)HTTPS_URLyour HTTPS link (https://some.site)
This way, it prevents any mixed-content links from breaking things. I’ve also found a WordPress thread with a similar issue and not sure if you’ve already taken a look at it:
Theme Customizer Problem
