I’d like to make my existing wordpress website www.example.com also accessible over a tor onion service = www.examplesite12345.onion. How can I do this?
Note that the two domain’s content should be identical, except that I don’t want wordpress to be injecting the wrong domain into my content (of course, all my content won’t specify the domain either).
I’m using wordpress multisite. I setup tor to point to my web server, but wordpress doesn’t recognize the domain (not surprising). So wordpress simply returns with a 302 redirect to http://www.example.com/wp-signup.php?new=www.examplesite12345.onion
How do I tell wordpress that www.examplesite12345.onion isn’t a new site, but just an alias for the existing site www.example.com? Obviously, a mere redirect from the .onion to the clearnet domain is not a valid answer.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
You can create .onion alias for your existing wordpress site on the clearnet using the Mercator wordpress plugin.
While the Mercator plugin alone is sufficient to make your wordpress site accessible on a .onion (as an alias, so in addition to its clearnet site), you’re going to want to make some changes to your wordpress child theme and web server config. Otherwise, you may experience issues such as:
- A user visits your
.onionsite, but your wordpress theme has them load javascript from the clearnet site, defeating the security benefits of using the.onionin the first-place - A user visits your
.onionsite, but the first click they make on your site brings them back to the clearnet domain for the rest of their session, also defeating the purpose - Your wordpress theme or plugins stubbornly try to redirect the user to your
.onionon https, which doesn’t work because your cert isn’t valid for a.oniondomain. - A user visits your clearnet site using the Tor Browser, and never realizes that a more secure
.onionversion of your site is available
rewrites
The first three issues can be solved by updating your wp-config.php and/or your wordpress child theme(s) to do a regex substitute of your https clearnet domain with your http .onion domain, where necessary
Onion-Location
The last issue can be solved by updating your web server config to include the Onion-Location header
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0