If you have visited your favourite Wikidot site recently, you may have been greeted with a surprising message:
This means that the administrator of the site has configured the security to "SSL only", a feature for Pro+ accounts only. However, if the administrator's Wikidot Pro+ plan has expired, the site will be permanently locked down like this… until they upgrade back to a Pro+ plan.
Can they rollback the site to the basic free http configuration instead, without having to pay for a large Pro+ account?
No. The user interface on the /_admin control panel does not have an option to revert back to a HTTP only protocol. However, paying $239.90 is a steep price for a 1-year Pro+ plan… especially if you only need it for a single minute just to disable the SSL.
There is a way to modify the user interface to restore the option to disable SSL using HTML injection. You will need to enable the "Developer Tools" of your web browser, and need to:
- go to the /_admin control panel of your site;
- in the admin side bar, navigate to Security » Secure access
- right click on the large heading which says: Secure Access use secure browsing…, and click on "Inspect"
From here, you need to replace the code of the #sm-action-area DIV block. Right click on this line of code, and select "Edit as HTML":
Use the keyboard shortcut to "Select All" (Ctrl + A, or Cmd + A) and delete the text. Then inject (copy and paste) the following HTML code:
<div id="sm-action-area" class="span9" style="display: block;"><div class="page-header"> <h1>Secure Access<small>Use secure browsing where possible</small></h1> </div> <div class="error-block alert alert-error" style="display: none;"> <div class="error-block-title">Error!</div> <div class="error-block-message"></div> </div> <form class="form-horizontal"> <div class="control-group"> <label class="control-label" for="sm-ssl-mode-select">Secure access mode</label> <div class="controls"> <select id="sm-ssl-mode-select"> <option value="" selected="selected">disabled</option> <option value="ssl">both unsecure and SSL enabled</option> <option value="ssl_only">SSL only (recommended for private sites)</option> </select> </div> </div> <div class="alert alert-info"> <strong>Warning!</strong> Our wildcard domain certificate works well only within the wikidot.com domain. If you are using a custom domain for your Wiki (e.g. example.com instead of example.wikidot.com) you browser might produce a warning. Please contact us at <a href="mailto:priority-support@wikidot.com">priority-support@wikidot.com</a> if you wish to use your own certificate for your domain. </div> <div class="buttons form-actions"> <div class="btn btn-primary" onclick="WIKIDOT.modules.ManageSiteSecureAccessModule.listeners.save(event)"> <i class="icon-save"></i> Save changes </div> </div> </form> <div id="message" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <div class="modal-body"> <h3>Changes saved.</h3> </div> </div> </div>
Then click outside of the code to "save" your changes. Suddenly, you will see a new interface appear:
Click "Save changes", and your site will be restored, free of charge!
Note: Even though the UI allows you to click and choose SSL, it still won't allow you to save changes without a Pro+ account.