
Admin SSL was originally written by Haris, updating the Secure Admin plugin to work with PHP 5.  However, with the release of WordPress 2.5 various changes were made to the way WordPress authenticates users - thus breaking the original Admin SSL plugin.

At this point I took over developing Admin SSL, because Haris was unable to invest the time required.  At first this was limited to bug fixes, making it compatible with WordPress 2.5, but this has turned into a complete code re-write, adding many extra features.  I am now pleased to announce the release of a much-tested Admin SSL 1.0.

Key new features are: support for WordPress MU, the ability to secure custom additional URLs, and a complete config page.  All this as well as many bugfixes and a completely re-written redirection system that is much more stable than before.  Enjoy!

NB Admin SSL no longer secures every single admin page by default, allowing you to take advantage of the speed improvements in WP 2.5.1.  However, if you want to secure all those pages, add 'wp-admin/' to the Additional URLs box on the config page.

(If you have been very kindly testing the pre-release versions of 1.0, please reset your database options before installing version 1.0, or you might get a redirect error.)


Features

  • Forces wp-login.php and wp-admin/profile.php to be secured by default, using either Private or Shared SSL.
  • Additional pages and directories to be secured (e.g. wp-admin/) can be defined on the configuration page.
  • Other options can be defined on the new configuration page.
  • Compatible with WordPress 2.2+ (using both Private and Shared SSL).
  • Works with WordPress MU 1.3+ (using Private SSL only).
  • Reset, debug and test modes for troubleshooting.

Downloads

The following downloads are hosted by wordpress.org.

1.0.5 - The latest stable version, with all the above features.

You can also download the development version, which contains bugfixes and new features as I include them.

If you prefer, you can use the SVN repository.  The releases are in the 'tags' subdirectory, the development version in 'trunk'.

Known Issues

  • Admin SSL is not compatible with any of the caching plugins - this is currently under investigation.

More information

For setup instructions, please go here.

Please read the FAQ before posting a support request on this page.

If you need to reset Admin SSL's options, please read this.

Screenshots


Secure login page.


Secure plugins screen, with Admin SSL enabled.

102 Responses to “Admin SSL”


  1. 1 Wilson

    Thanks so much. This is a huge help!

  2. 2 Jan Dembowski

    Ben,

    Much thanks! I was going to poke at it, but my PHP is not up to the task.

    Except for three small changes for me, it looks good. If I run into any issues I’ll post a comment here.

    Thanks,

    Jan Dembowski

  3. 3 deejam

    Thanks for taking the time to update the plugin! It would be great if this plugin would play nicely with the ldap auth plugin located @ http://sourceforge.net/forum/forum.php?forum_id=756461 (or the ldap plugin playing nicely with admin ssl plugin). I guess this plugin isn’t really designed for WPMU, but it works good without the ldap plugin installed. I need both. i’ll keep researching but i might have to dive into the code when I have some time.

    Thanks again

  4. 4 Rossi

    Thank you so much Ben, I was in the process of doing this myself, and had just realized that I didn’t have the time nor the skills.

    Rossi

  5. 5 bcg

    deejam:

    If you get the chance or find a way to do this, let me know. It looks like it should be possible - but I don’t have an LDAP server to test it with I’m afraid!

  6. 6 bcg

    Well I’ve managed to secure the dashboard by using the clean_url filter - but at the cost of a JavaScript error.

    The problem is that the WordPress Stats plugin calls scripts and stylesheets from http://wordpress.com, and you can’t just switch to https! It’s up to the plugin provider to provide a secure url to their external files, I think.

    So unless anyone has anything clever they can suggest, I’m not sure this one can be solved, short of disabling the stats plugin.

  7. 7 DispoWeb

    Hello,
    I don’t find any one with the same problem i have so I hope i’ll find here some help, when I activate the plugin and try to access wp-admin, i get an error with firefox ( bad redirect ), if someone have any idea to fix this, it’ll be very helpful.
    Thanks in advance.
    Cheers,
    DW

  8. 8 bcg

    DispoWeb:

    Are you using an old version of admin-ssl? This was the problem before I updated it to work with WP 2.5.

    Or, if you are not using WP 2.5 please use the older version of admin-ssl, version 0.64.

    In fact, I’ll update this site so that is made more clear.

    BCG

  9. 9 DispoWeb

    Hello,
    I’m using the new version of admin-ssl ( 0.67 ) and wordpress 2.5, it’s really very strange as problem, I don’t find anyone who has the same problem.

    Cheers,
    DW

  10. 10 bcg

    DispoWeb:

    Did you download it from the link, or the SVN repository? Sorry, I didn’t make clear before that the repository is my test version, as I try to fix the Dashboard problem, and so may not work.

    Are you using shared or private SSL?

    BCG

    EDIT: try using the latest version from the repository - as I was testing it I had a redirection problem, when entering a non-https admin url having already logged in.

  11. 11 DispoWeb

    Hello,

    Thanks for your reply, I downloaded the plugin from your blog and i’m using a private SSL.
    I can access to my website using https://www.mywebsite.com and https://www.mywebsite.com/wp-admin/ without the plugin but i get the redirection error when i activate it.
    Can you drop me an email, I’ll send you the correct URL to see the error ( my english is not very well so it’s better to see the error yourself :) ).

    Cheers,
    DW

  12. 12 Ken

    After updating from 2.3 to 2.5 and activating admin_ssl.php v0.67, I get redirect errors. It looks like it gets in a loop of redirecting from one page to another. Removing the admin_ssl.php restores. Just in case I tried redownloading admin_ssl.php v0.67 again and uploading to plugins directory and I ran into same problem after activating. Clicking on a link in the admin area after activation seems to add extra /php/ directory in the target. My blog file is in http://www.mysite.org/php/my_blog/

  13. 13 bcg

    Dear all

    If you are experiencing problems with admin-ssl, please try downloading 0.70-b6. It is my latest development version, that I am using on my own blog, and seems to be working fine so far. I have made a lot of changes to the code, which is why I haven’t released it as a ’stable’ version.

    If you are using Shared SSL you MUST use this version of the plugin as it contains the fix to make admin-ssl work with Shared SSL under WordPress 2.5.

    BCG

  14. 14 Joost den Boer

    Hi,
    Thanks for updating the plugin. I seem to have a problem though. When I’m editing a post and want to insert a link using WYSIWYG I only get an empty popup.
    Any ideas?

    Regards,
    Joost

  15. 15 bcg

    Joost:

    As I said in the post, there is a problem with TinyMCE itself - you need to edit tiny_mce_config.php in order for it to work under SSL. Please go here:

    http://trac.wordpress.org/attachment/ticket/6544/6544.2.diff

    to see the patch that you need to apply in order for TinyMCE to work. I’ve applied it myself and there isn’t any problem.

    BCG

  16. 16 Mou

    Hi Ben

    Thanks for this, you’ve saved me some work :grin:
    Question though - do you have any inkling as to what it does to break the K2 AJAX comments? I’ve suffered that problem since before 2.5, but assumed it was down to my customized theme.

    Chances are fixing it probably won’t be too difficult - the problem I have is finding the time to debug…

  17. 17 bcg

    Mou:

    As you probably noticed when you left the comment, I managed to fix the problem!

    I tracked it down to comments-ajax.php, lines 30 and 34. They clash with the output buffering used by admin-ssl. If you comment them out, then live commenting will work.

    I haven’t had any problems yet, but I don’t like commenting out pieces of code - I’ve asked the K2 guys why there is output buffering there (I can’t see it myself), but no response.

    BCG

  18. 18 Mike

    Thanks so much for this! I hope you keep on updating it and really appreciate it!

  19. 19 Chris Pepper

    BCG,

    Thanks for stepping in! admin-ssl 0.64 is blocking comments on , so I was pleased to see you’re actively working on it.

    FYI: When I create a new account on my test blog, it sends me to , instead of the correct (configured in the Shared SSL field, and working for admin access).

    Have you considered changing the new account email link from http to https? I of course understand if you don’t want to touch this.

    Thanks again!

    Chris Pepper

  20. 20 bcg

    Chris:
    This is now fixed in 0.71.
    BCG

  21. 21 Fabio

    Hi bcg, thanks first of all for this wordpress 2.5 plugin. I saw before that there is a fix for standard tinymce who comes with wp 2.5. I use http://wordpress.org/extend/plugins/tinymce-advanced/ (3.0 compatible with wp 2.5).
    I would like to know if there is a fix also for this one. When i activate admin-ssl and i go to write page, icons of tinymce-advanced are broken even if maybe editor works correctly (i didn’t tested this..)
    Thanks in advance

  22. 22 Gene Steinberg

    A neat idea, since I have a dedicated SSL on my site. However, when you engage SSL, it affects the WordPress 2.5’s visual editor negatively. The insert link window, for example, is blank, and spell check no longer functions.

    Can you fix?

    Disabling SSL restores this to normal operation.

    Peace,
    Gene Steinberg

  23. 23 bcg

    Hi Gene:
    Check out the ‘Known Issues’ section at the top of this post, which explains the problem and gives the solution.
    Cheers
    BCG

  24. 24 Drumbo

    Hi,

    Fantastic that you picked up this plugin and got it working! If I may request something - I have been trying to use WP-OPENID, however it does not play nice (unfortunately can’t be more descriptive than that) with admin-ssl.

    Would be quite handy if it could be made to work!

    Thanks again

  25. 25 Trent

    I am just working out the changes to use this with the upcoming WPMU 1.5 release and just having some issues since the admin-ssl.php file cannot be in a subdirectory and every other file can still be in the folder. Any clues? Much appreciated for reworking this plugin! That is great!

    Trent

  26. 26 bcg

    Drumbo:
    I’ll take a look when I get the chance - been working on a couple of redirection bugfixes!

    Trent:
    Can you email me (details here: http://www.kerrins.co.uk/contact/) please with more explanation - where exactly do you want admin-ssl.php? At the moment it expects to be in a subfolder of /plugins/.

    BCG

  27. 27 Jan Dembowski

    Ben,

    Version 0.72 is working really well for me. The only thing I change for my site is putting in an if(is_user_logged_in()) check.

    If the user is not logged in, then I remove the $comment_url and $secure_comment_url from. If they are logged in, leave it in place.

    Also for Subscribe to Comments plugin, I put in a check if the QUERY_STRING matches wp-subscription-manager.

    The reason I do this is because I am using a self-signed SSL cert. It’s no problem for registered users (the admin) but other people posting might be put off from seeing the SSL cert warning in their browser.

    You can see the diff here http://wp.dembowski.net/wp-content/admin-ssl-0.72.diff.

    Thanks,

    Jan Dembowski

  28. 28 Mou

    Hey Ben, me again :)
    Suddenly, the plugin’s stopped working for me! I moved to a new web server (Media Temple) which also has a shared SSL certificate (although accessible via https://mou.me.uk), but for some reason now it’s giving me the infinite redirection of death!

    Or, as Firefox puts it:

    “The page isn’t redirecting properly. Firefox has detected that the server is redirecting the request for this address in a way that will never complete.”

    I’m running 0.72 version of the plugin on WP 2.5.

    Any ideas?

  29. 29 bcg

    Mou:
    Redirect errors are difficult to diagnose without more info. Perhaps you could email me with more info, like the URL in the address bar when it happens, if it’s pre or post login, stuff like that. Also, you could try downloading the development version above, which might fix it.

    BCG

  30. 30 Mou

    The issue springs up when I first activate the plugin - ie, as soon as I click “activate”, so to fix things I’m having to rename to Admin-SSL folder. The URL in the address bar is:

    https://mou.me.uk/cms/wp-admin/plugins.php?activate=true

    But it affects the entire admin area. Anywhere where it should be https as far as I can see.

    Firebug is showing the page returning a 302 header… then the page reloads and returns another 302.. and it continues until Firefox either gives up or I try and look at the response tab in Firebug, at which point the browser (and a few other open programs) lock up for a few seconds!

    Blog front-end is unaffected.

    Tried the latest version on SVN but it’s giving me the same problem.

    Can’t think of anything else offhand. Let me know what other info you need!

  31. 31 John Fink

    Okay, possibly very very stupid question here, but I’m trying to run the 0.72 version of the plugin on wpmu and am having a little bit of difficulty finding the Admin SSL plugin configuration page. It’s possible that this page exists only in wp 2.5 and not in wpmu, for some reason, but if it does exist could someone hit me with a clue? Thanks much.

  32. 32 bcg

    Mou:
    If you have the latest version, please try going to this page:
    http://BLOG_HOME/wp-content/plugins/admin-ssl/admin-ssl-reset.php
    (Obviously replace BLOG_HOME!)
    This will reset the database options and allow you to activate AdminSSL and reenter your Shared SSL settings - the Shared SSL URL should be https://mou.me.uk/cms/wp-admin/.

    John:
    I’m currently working on making the plugin work with WPMU, I’ll release a version when it’s done, sorry but you’ll have to wait for now!

    BCG

  33. 33 bcg

    Jan:
    I’ve added the is_user_logged_in() check but not sure about the subscription manager one.
    In the latest development version (0.80-b14), which should be available to download from WordPress.org soon, the subscription manager is not secured - is this the behaviour you were after?

    BCG

  34. 34 Jan Dembowski

    Ben,

    That’s sort of what I’m aiming for.

    For the subscription manager if the user is not logged in, then I want the subscription manager to be unsecured. This is because of my self signed SSL cert; I don’t want to turn off or scare the user if they want to modify their subscriptions to comment threads. Those users would not really be admin’ing the blog and their URLs go out via e-mail which is already unsecured.

    If the user is logged in (via a check) then I want it to be secured. The idea is that if they are registered and logging in the end user either imported and accepted the self signed cert or they don’t mind the warning. Also logged in users should have their admin secured as just good practice.

    Ideally there would be an area in the Admin SSL options screen to put in strings to bypass the SSL admin for non-logged in users ala WP Super Cache’s reject URI entry box, but that would be massively pushing the boundary of feature requests and I’d use up all my “Feature Request Karma in one rip”… :-D
    Thanks for all the great work,

    Jan Dembowski

  35. 35 Jan Dembowski

    Ben,

    I’ve just downloaded the development version and that’s great.

    The options for secure commenting are exactly what I was looking for, thanks.

  36. 36 bcg

    Jan:
    Good stuff, I’m glad it’s working! Your feature request is a great one - I’ll see what I can do :).

    BCG

  37. 37 bcg

    Dear all

    The development version is now 1.0-rc1. It has many new features, which are listed in admin-ssl.php. It supports WPMU on Private SSL (still being tested, but seems ok so far), and has the option to secure custom pages. It has a new and much improved method of forcing HTTPS, and various bugfixes.

    I am using it on my own blog, and will fix any bugs I come across. If any of you feel like installing it, and letting me know if you have any problems, that would be much appreciated.

    BCG

  38. 38 Jan Dembowski

    Ben,

    Well I’m definitely kicking the tires :) will comment here if I find any problems.

    Thanks,

    Jan Dembowski

  39. 39 bcg

    New development version released, 1.0-rc4. This adds full support for WordPress 2.2 and 2.3 (not that anyone still uses them, but hey). We’re getting close, people! All it needs now is more testing on the new WPMU and I’ll release 1.0.

    BCG

  40. 40 John Fink

    bcg,

    So far it looks like 1.0-rc4 is working great for our wpmu install. I’ll let you know if anything breaks. Thanks a *lot* for this.

    jf

  41. 41 John Fink

    Although it works on our main blog perfectly, any sub blog still has non-SSL behaviour. Is it possible to activate the plugin, and then change the default to use a private certificate so that each new blog doesn’t have to enable and adjust settings themselves?

  42. 42 bcg

    Hi John

    Thanks for trying it out. The way to get Admin SSL to work across the whole site is to install it in the /mu-plugins/ directory, rather than /plugins/. Your layout should be:

    /mu-plugins/admin-ssl.php
    /mu-plugins/admin-ssl/… (other Admin SSL files)

    Once installed and activated in there, the plugin is activated across all sub-blogs, because it uses site-wide options.

    Hope that clears things up for you! I was going to wait until the release of 1.0 to give installation instructions for WPMU, perhaps I shouldn’t've waited :).

    BCG

  43. 43 John Fink

    Hot dog, bcg! Yup, works fine now. A little confused when I didn’t see admin-ssl show up under the plugins tab, but there it is under site admin. My first wpmu install, can’t you tell. :)
    Anyway, thanks again so much for the plugin.

  44. 44 bcg

    Hi John, glad it’s working for you now! Thanks for the feedback and encouragement :).

  45. 45 Jan Dembowski

    Ben,

    Just shot you off an e-mail. It’s all good, just seeing some odd errors in my log file.

    Thanks,

    Jan Dembowski

  46. 46 Trent

    Ben it is working fine on 2 WPMU installs (one 1.3.3 and one 1.5 RC) so I would have to say it is fine :)

  47. 47 Drumbo

    Perhaps this has been covered already, however I wanted to know if it is possible to stop admin-ssl adding https to images added via the “create new post” option. The only way I can see to get rid of the “s” is to use an external editor (although if one goes back into editing the post via the web, the links will appear to still be secure, however if no changes are made via the web, the links will actually not be secure). Does this make sense?

  48. 48 bcg

    Drumbo:
    Thanks for your post - I have seen this problem. Unfortunately WordPress seems to insert relative, rather than absolute links. The only way to solve this is to use the development version of the plugin (currently 1.0-rc10), which is very stable and about to be released. If you install the dev version, go to the Admin SSL config page, and remove ‘wp-admin/’ from the additional pages, this will make the images work again.

    The new behaviour of Admin SSL is NOT to secure ALL admin pages by default, but only wp-login.php and wp-admin/profile.php. This is because of speed issues, and because there is no need in most situations to secure every single admin page. It also has the advantage of fixing this annoying image bug!

    Cheers

    BCG

  49. 49 Drumbo

    Hi, Thanks for the response. Will give the rc version a whirl

  50. 50 bcg

    I have released version 1.0! Thank you for all who have helped test this version, and who have suggested features - Chris Pepper, Jan Dembowski, Mou and Trent especially.

    If you have been using any development versions of Admin SSL between 0.72 and 1.0, please reset your Admin SSL database options before or immediately after installing version 1.0, or you will get a redirect error :-|.

    BCG

  51. 51 Ryan

    You have done a fabulous job on Admin SSL! Your work is much appreciated, and I like the new options in release 1.0.

    I am having a small problem and can’t quite figure out how to fix it. I have added custom pages and when I turn on debug, I can see that it is adding 2 forward slashes when it uses the custom pages which breaks the links. Any chance you have a suggestion for a fix?

    Thanks!
    Ryan

  52. 52 LaVrai

    Hi. Your plugin looks like exactly what I need, but I am cautious…. since it sounds like some folks may be having problems with the new release. Also, I am only interested in securing the log-in page. Is it possible to limit the plug-in’s uses to just that?

    And, yes, in case you are wondering, I am a complete novice with these particular things.

    Any help appreciated. Thanks!

  53. 53 bcg

    Hi there

    The new release works fine, as long as you don’t have one of the cache plugins installed :). The redirection problem mentioned in the previous comment before yours will only occur if you use the ‘use a different blog url than the installation directory’ feature.

    Hope that helps! Many people, including myself, use this on our blogs successfully. To secure the minimum number of pages (wp-login.php and profile.php), simply delete all the entries in the ‘Additional URLs’ box on the config page.

    BCG

  54. 54 Peter

    Wonderful plugin! Many thanks indeed!

    I did run into one issue though. In a peculiar application, some of the file links on the page were NOT https. (These were some java script links.)

    Today I noticed a plugin (http://wordpress.org/extend/plugins/https-for-wordpress/) mentioning this issue.

    Do you plan a fix to this bug? (Perhaps I have to install the other plugin meanwhile.)

    Again, much thankful for your hard work. I am enjoying your plugin very much! (Hopefully, so do some visitors to my site.)

  55. 55 bcg

    Hi Peter

    Thanks for using the plugin and posting - I’m glad you’re finding it helpful! The ‘bug’ you mention is not really a bug in Admin SSL, but in the plugins themselves that aren’t able to distinguish between HTTP and HTTPS.

    If plugins load CSS or JavaScript dynamically, rather than including them in the page HTML, then there is no way I can find for Admin SSL to change the links to be HTTPS. I have been looking into it, but I just can’t find a way!

    BCG

  56. 56 Trent

    Ben, thanks again for the hard work on this plugin and for working with me on securing just the pages that need it. It is working great on WPMU both version now without a hitch and page loads in the admin are 4 times + faster without every page being secured. I like that I can even add “plugin” generated pages to secure :) I am also happy to help you and donating something next!

  57. 57 joseph

    as soon as i got to enable the plugin, the server will reply that my site sent an invalid error code ., error: -12263 whats that mean?

  58. 58 bcg

    Hi Joseph

    The problem is with your SSL certificate installation, rather than Admin SSL. Try here:

    http://howtoforge.com/forums/showthread.php?t=18118

    Or contact your hosting company for more information.

    BCG

  59. 59 Stielmond

    Hi BCG,

    Just want to say “thank you”. It’s a great and valuable plug-in.

  60. 60 Lubos

    Hi,

    today I installed your plugin (WP ‘automatically’ updated it to 1.0.4, so I should have the latest version, I think). The problem is that I am getting

    The page isn’t redirecting properly
    Iceweasel has detected that the server is redirecting the request for this address in a way that will never complete.

    There should be no problem with SSL. I am using private SSL and when accessing the admin section of my webpage with https, everything works fine. I am getting the error only on the pages that should be secured (wp-login.php and wp-admin/profile.php), for example when I do log-out.

  61. 61 Travis Tubbs

    Oops… stupid me didn’t read fully to post my issues here. I already wrote a nice long write-up of an issue I’m having with some weird redirecting issues when using Shared SSL in which the “/wp-” portion of the URL is being dropped. I posted all the details at http://wordpress.org/support/topic/178602.

    Looks like a nice plugin. Now only if it would play nicely. :)

  62. 62 bcg

    Sounds like there are some funny redirections going on here, perhaps introduced with 1.0.4.

    If you could reset your options (instructions on the Reset page above), and then try, to make sure it isn’t a strange config option problem (that’s happened before).

    If it still doesn’t work, could you enable debug mode, following the instructions in the FAQ? Then follow the steps you are having trouble with, and email me the debug log file (webmaster AT kerrins DOT net), which will enable me to pinpoint where the error is going on.

    Cheers

    BCG

  63. 63 Antonio

    Is it possible to password-protect the whole site with this plugin? If so, how?

  64. 64 bcg

    Antonio:

    Sadly not - the best way to do that is to set the blog address to https:// - then WordPress itself will force the whole site to be HTTPS.

    BCG

  65. 65 drumbo

    Hi,

    This is probably a bit too on the edge, however I have svn’d the latest version of wordpress (which is 2.6 bleeding2) and I notice that the admin-ssl plugin is now doing the redirects the whole time.

    Is there any possibility of getting an idea on how to fix this?

    Thanks

  66. 66 soyuz

    hi Ben,

    thanks for this great plugin. i installed it with no problems at all.

    i wonder, can we make a rewrite rule that shuttles all traffic to wp-admin to the secure host?

    i’m trying to follow the instructions on http://codex.wordpress.org/Administration_Over_SSL but no luck.

    my wordpress address is: http://www.myexample.com/wordpress/

    thanks a lot :)

  67. 67 bcg

    Drumbo:

    I’ll take a look, but the problem could be with WP 2.6 of course!

    Soyuz:

    Try adding ‘wp-admin/’ to the ‘Additional URLs’ box on the Admin SSL config page.

    BCG

  68. 68 Sergio

    Hello Ben, thanks for this great plugin. i installed it but I have problems.
    I installed last version 1.0 of your plugin and last WPMU 1.5.1
    I upload admin-ssl.php to /mu-plugins and rest of files to /mu-plugins/admin-ssl
    I go to Site Admin, Admin SSL and I check “Secure my site with SSL”.
    My url blog is like http://blogs.company.com and if I try to login works 100% but I create another blog (http://blogs.company.com/blogtest1) when I try to login I get Error 404 Not Found.

  69. 69 bcg

    Sergio (and others):

    Thanks for reporting this, I’ll look into it when I can - my wife and I are about to move house (on Monday) so development on the plugin has stalled a little while we prepare for that, and actually move!

    BCG

  70. 70 soyuz

    hi, it’s me again :)
    i have another questions.

    1. sometimes when i access my wp-admin, the https:// on the url became http://. so i usually reset the admin SSL and re-activated. i use WP 2.5.1

    2. i also realize that when the url is https:// the post-slug didn’t work. i couldn’t edit the slug. is it related to a bug from the plugins that aren’t able to distinguish between HTTP and HTTPS, as you mentioned in the earlier comment?

    and thanks again for the great plugins! :)

  71. 71 bcg

    Soyuz:

    I’ve just fixed bug (2), which will be included in the next release, once I have confirmed some other bugfixes. As for the first one, have you worked out how to make it happen, or is it random? If it is not random, could you enable debug mode (see FAQ) and email me the debug log please?

    Sergio:

    Can you confirm you are still getting this error? I am not having a problem with WPMU 1.5.1 and Admin SSL 1.0.4. Please email me with more info if you are still having trouble.

    BCG

  72. 72 Sergio

    Sorry, solved in 1.5.1, I don’t have in virtual directory:

    AllowOverride FileInfo Options

    Solved and working ok in 1.5.1 and 1.3.1 with LDAP Auth too, now my problem is with LDAP Auth in 1.5.1.

    Thanks for all.

  73. 73 soyuz

    hi,

    thanks for the reply. and thanks for fixing the bug(2). really appreciate it.

    for the first problem, it’s random. but i think that’s my mistake. i didn’t upload admin SSL plugin on the httpsdoc folder, only on httpdoc. after i put the admin SSL to my httpsdoc, the url is always https and never changed to http since then. silly me :). sorry to make you worried.

    thanks again and i look forward to the next release.

  74. 74 drumbo

    Hi,

    Just to let you know I have downloaded the latest svn version and it isn’t working with 2.6 svn version. It is no longer doing the continual redirect, however it seems to authenticate, and then go back to the login in screen. If I go back to the main page (front page of my blog) I can see that I have been logged in, however if I click on the admin link, it attempts to go to the admin section, but is redirected to the login page! Hope that makes sense

  75. 75 bcg

    Drumbo:

    Thanks for the heads-up - I think I’ll probably wait until a RC of 2.6 before I really look into it - there’s no point ‘fixing’ a bug that disappears in the final release!

    Cheers

    BCG

  76. 76 Tony

    Hi,

    I find that the redirect after clicking login won’t work.

    I can see this is due to two letters being added to the redirected URL. This occurs after the ‘type’ suffix, e.g. “.com/wp-admin/” becomes “.comds/wp-admin/”

    However, I can’t seem to find anything in WP-options that is adding the last two letters of the sub-domain that I have WP in.

    I have checked the database and the standard URL is written correctly in all the settings.

    Any help would be great.

    Thanks.

  77. 77 Hoshpak

    I am using Admin SSL 1.0 with Wordpress 2.5.1 and private SSL. Generally it works great but as soon as I enable Admin-SSL, using the site with SSL is impossible. If someone tries to reach the site via https://my.blog, he is redirected to http://my.blog . Is there any possibility to have both, SSL-secured login and optional SSL at the rest of the blog?

  78. 78 Paul

    first, wanted to say good work with the plugin i’m sure.. it’s a nice feature to have.

    now, that said, i haven’t been able to enable it on my site. i’ve downloaded it (1.05), activated it, and tried to configure it via the setup panel but, when i click “save changes” i’m being prompted to “are you sure you want to do this?” but not given the option to say yes. the only thing i can click on that page is “please try again”.

    any help would be appreciated. thanks again for all the efforts..

  79. 79 bcg

    Tony:

    Are you using the latest version (1.0.5)? If so, could you read the FAQ, enable debug mode and send me the log file please, so I can troubleshoot the problem?

    Hoshpak:

    Unfortunately WordPress forces its URL to be what you enter in the General Settings tab, so SSL will NOT work for blog pages, only for admin pages. If you want your blog to be secured, you can only do this by changing the URL in the WP General Settings - but this will of course secure your entire blog.

    Paul:

    This error happens when you try to submit to a WordPress page from another unverified domain name. E.g., you are signed in to myblog.com, and try to submit to myblog.com/wp-admin/settings.php from, say, somesite.com/wp-settings.php. Perhaps you also could enable debug mode, and send me the log file to help me troubleshoot?

    Cheers

    BCG

  80. 80 Hoshpak

    bcg: Thanks for your reply. I hope this will be fixed in Wordpress 2.6.

  81. 81 Bayan

    ssl plugins wordpress - mu problem ?

  82. 82 bcg

    Bayan:

    Not as far as I’m aware. Is there a specific problem you’re having?

  83. 83 Craig

    @Hoshpak and @bcg:
    I think with some hacking around the URL scheme replacements (I’m thinking specifically line 347), if you don’t change the scheme if it is already https ever (so you never go https->http), you can make the site https optional.

  84. 84 bcg

    Craig:

    Thanks for your comments - the reason this won’t work site-side is wp-includes/canonical.php, which forces site-side links to be the URL defined on the main Settings page.

    If Admin SSL tries to make a site page secure, then there is a never-ending redirect as WordPress and Admin SSL keep redirecting.

    The way to do this would be to do some checking using the ‘redirect_canonical’ filter, to stop WordPress redirecting - but I haven’t had time to do this yet, it’s on the feature list for 1.1.

    BCG
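
The 'redirect_canonical' check described in the comment above, sketched as an added example; it is not Admin SSL's code and not part of the comment thread. It assumes Private SSL (same host for HTTP and HTTPS); only `add_filter()`, `get_option()` and the `redirect_canonical` filter are WordPress APIs, while every `example_*` name, the sample paths and the URLs are hypothetical.

```php
<?php
// Added example. Only add_filter(), get_option() and the 'redirect_canonical'
// filter are WordPress APIs; all example_* names and sample values are hypothetical.

// Constructed sample of "Additional URLs" entries, relative to the blog home.
$GLOBALS['example_secure_paths'] = array('wp-login.php', 'wp-admin/profile.php', 'members/');

// Path of $url relative to the blog home, so an install in a subdirectory
// (e.g. /cms/) is matched the same way as an install at the web root.
function example_relative_path($url, $home_url) {
    $path = (string) parse_url($url, PHP_URL_PATH);
    $base = rtrim((string) parse_url($home_url, PHP_URL_PATH), '/') . '/';
    if (strpos($path, $base) === 0) {
        $path = substr($path, strlen($base));
    }
    return ltrim($path, '/');
}

// True when the URL falls under one of the paths that must stay on HTTPS.
function example_is_secure_path($url, $home_url, array $secure_paths) {
    $relative = example_relative_path($url, $home_url);
    foreach ($secure_paths as $prefix) {
        if ($prefix !== '' && strpos($relative, $prefix) === 0) {
            return true;
        }
    }
    return false;
}

// Decide what to do with the redirect canonical.php proposes.
// Returns false to cancel the redirect, or the URL to redirect to.
function example_filter_canonical($redirect_url, $requested_url, $home_url, array $secure_paths) {
    if (!$redirect_url) {
        return $redirect_url; // nothing proposed, nothing to veto
    }
    $from = strtolower((string) parse_url($requested_url, PHP_URL_SCHEME));
    $to   = strtolower((string) parse_url($redirect_url, PHP_URL_SCHEME));
    $downgrade = ($from === 'https' && $to === 'http');
    if (!$downgrade || !example_is_secure_path($requested_url, $home_url, $secure_paths)) {
        return $redirect_url; // ordinary canonical redirect, leave it alone
    }
    // Keep the canonical host and path, but stay on HTTPS.
    $upgraded = preg_replace('#^http://#i', 'https://', $redirect_url);
    // If only the scheme differed, redirecting would bounce forever between
    // WordPress (-> http) and the SSL plugin (-> https): cancel it instead.
    return ($upgraded === $requested_url) ? false : $upgraded;
}

if (function_exists('add_filter')) {
    // Inside WordPress: hook the decision into the canonical redirect.
    function example_redirect_canonical($redirect_url, $requested_url) {
        return example_filter_canonical(
            $redirect_url,
            $requested_url,
            get_option('home'),
            $GLOBALS['example_secure_paths']
        );
    }
    add_filter('redirect_canonical', 'example_redirect_canonical', 10, 2);
} else {
    // Stand-alone run over constructed requests (no WordPress needed).
    $home  = 'http://blog.example/cms';
    $cases = array(
        // requested URL => redirect proposed by canonical.php
        'https://blog.example/cms/members/'     => 'http://blog.example/cms/members/',
        'https://blog.example/cms/members/?p=7' => 'http://blog.example/cms/members/hello/',
        'https://blog.example/cms/2008/04/'     => 'http://blog.example/cms/2008/04/',
        'http://blog.example/cms/?p=7'          => 'http://blog.example/cms/hello/',
    );
    foreach ($cases as $requested => $proposed) {
        $result = example_filter_canonical($proposed, $requested, $home, $GLOBALS['example_secure_paths']);
        printf("%s\n  -> %s\n", $requested, $result === false ? '(no redirect)' : $result);
    }
}
```

Only the HTTPS-to-HTTP downgrade on a listed path is vetoed; every other canonical redirect passes through unchanged, so pages outside the list still follow the URL set in the WordPress settings.
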

  85. 85 bcg

    Hoshpak and Craig:

    I think I’ve cracked it - try downloading the development version above (1.1-rc3) and adding a site-side URL to the Additional URLs box on the config page.

    It works for me, on both private and shared SSL. Let me know what you think.

    BCG
