Tech Banker Gallery-Bank and SSL Compatability

Update 12/21/2015

It looks as if Tech-Banker has finally SSL-Enabled their website. Exactly when this occurred I do not know, as I did not receive an update to my ticket, and the original forum post seems to have been deleted. However, SSL has been enabled so this issue should now be fixed. The admin-ajax.php that is called as part of the plugin activation/licensing check is now available over SSL at https://tech-banker.com/wp-admin/admin-ajax.php.

Original Post

The Tech-Bank Gallery-Bank WordPress plugin, and perhaps other tech-banker plugins are not compatible with SSL-Enabled WordPress installations. The solution? Buy a different plugin, or keep bugging Tech-Banker so that they will hopefully update their website.

Here is the problem:

The functionality of Gallery-Bank (and probably most of Tech-Bankers plugins) hinges upon the availability of http://tech-banker.com. Yes, thats correct – your plugins will stop working if their website is not available. This happens at license validation time, which occurs any time you access the plugin (edit: I believe there may be a ‘session’ value giving a period of time where the license is valid after validation, but it is so low that it really doesn’t matter). This wouldn’t necessarily be a bad thing if Gallery-Bank required an active subscription, but this plugin was a one-time purchase – most people expect it to stand alone and function without contacting the mothership.

Don’t believe me? Google for it, and browse their support forums — you’ll find a lot of references to customers plugins failing when there is a website outage.

Still don’t believe me? Lets go examine things.

  • If I enable SSL on one of my WordPress installations with Gallery-Bank installed, and browse to the Gallery-Bank plugin in my WordPress admin interface, I will only see the page to validate the API key and license. If you click the validate button, nothing happens.
  • If I disable SSL on the same site, the Gallery Bank plugin (and thus, galleries) will work fine.

Ok, but why? If we start Chrome developer tools and look at what happens when we click the activate button we find the following errors:

Content: The page at ‘https://www.[mydomainhere].net/wp-admin/admin.php?page=gallery_bank’ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘http://tech-banker.com/wp-admin/admin-ajax.php’. This request has been blocked; the content must be served over HTTPS

OK, simple, right? The post being HTTP causes a mixed-mode error when your blog is configured to be https://. Lets just change the Gallery-Bank plugin to reference https://, right?

Grepping for ‘http://tech-banker.com’ in the Gallery-Bank plugin folder results in three lines where its referenced:

  • /views/licensing.php – jQuery.post(“http://tech-banker.com/wp-admin/admin-ajax.php”, jQuery(form).serialize() 
  • /views/dashboard.php – jQuery.post(“http://tech-banker.com/wp-admin/admin-ajax.php?param=check_update&action=license_validator”, function (data)
  • The third is part of the initial installation script and does not apply to this post.

So we edit those files to reflect https instead of http, and try to authenticate again, wherein another error is encountered.

POST https://tech-banker.com/wp-admin/admin-ajax.php net::ERR_INSECURE_RESPONSE

Hm. Ok, so at this point we visit https://tech-banker.com/wp-admin/admin-ajax.php and see whats up.

Screen Shot 2015-11-25 at 2.12.08 PM

Ahhh.. that makes a lot more sense now. tech-banker apparantly utilized Sucuri in some form as sort of a middle-man DDoS filter of some sorts. Therein is the SSL error – the site you are visiting is https://tech-banker.com but the SSL certificate provided is from Sucuri.

Screen Shot 2015-11-25 at 2.13.56 PM

The only solution here is for tech-banker to SSL-enable their website. However, this has been reported by a lot of people in the past and there is no information provided by tech-banker that this is in the works.

So those of you with Gallery-Bank have two options:

  • Do not SSL-enable your WordPress installation, or
  • Do not use Gallery-Bank for your Galleries.

Fortunately, purchases via tech-banker are curated by PayPal, and thus are inherently SSL-protected, but a lot of the other things on their website are not. Use at your own risk.

Licensing and SSL-incompatability aside, the Gallery-Bank plugin served me well for a long time. The features were matched by only a couple of other plugins that I have tried. The gallery layouts were also top notch, and the price was right. It was a shame that it wasn’t compatible with SSL.

Hope this help.

 

 

 

1 Comment

Leave a Comment

Your email address will not be published. Required fields are marked *