Sometime back I wrote a post about how you can secure WordPress blog admin area using shared SSL without any plugin. But today I found out a glitch about that method and wanted to update you on how to fix it. So basically the issue I faced was like if some user submits a comment it redirects over https connection to the comment page and shows the SSL error that my site is using an SSL certificate of a different domain. It is because WP_SITEURL now points to the shared SSL secured url path given by the host company using their own domain name like https://cp32.hostable.com/~USERNAME/BLOG_DIRECTORY, but not your own domain like http://www.waveofweb.com/. And so after clicking on the submit button it redirects to that shared SSL path and submit the comment properly and then redirects the user to comment page using https version of the domain name. At that time reader gets the warning message of bad SSL cert. There is no issue with comment submit functionality but this is bad user experience. And readers are all we have got
To fix this, you can just use normal http connection while submitting blog comment. For this you need to change comment form submit url in the template php file. In most cases your WordPress theme will use its own custom function for showing comment box in your WordPress blog post page. So find comments.php file under your WordPress theme folder. On that file search for something like:
<form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">
The problem is with this
<?php echo get_option('siteurl'); ?> as it will take the value of your site url defined in WordPress admin General Settings which is just the shared SSL secured path of your root directory. You can just remove that portion and instead use:
<form action="/wp-comments-post.php" method="post" id="commentform">
That will append the domain name before wp-comments-post.php and it will redirect over normal http connection to the comment page.