Home | Setup | FAQ | History | Reset
Welcome to the homepage of the Admin SSL plugin for WordPress.
For a history of the plugin, please go here.
For setup instructions, please go here.
If you are having problems, please read the FAQ before posting.
If you need to reset Admin SSL, please go here.
The latest release, 1.5-b1, supports WordPress 2.8.
NB the only way I could get Admin SSL to work in WP 2.6+ was to get it to disable the new WordPress authentication cookies, and use the ones from 2.5.1. I personally prefer SSL than the cookie weirdness of 2.6+, but it's up to you.
If I could be cheeky, and you would like to make a donation (for all my hard developing!), please use the PayPal donate button below:
Features
- Works with WordPress 2.2 – 2.7 (using both Private and Shared SSL).
- Works with WordPress MU 1.3+ (using Private SSL only).
- Forces wp-login.php, wp-admin/profile.php and wp-admin/users.php to be secured. This cannot be turned off.
- Additional pages and directories to be secured (e.g. wp-admin/) can be defined on the configuration page.
- Other options can be defined on the new configuration page.
- Reset, debug and test modes for troubleshooting.
Downloads
The following downloads are hosted by wordpress.org.
1.4.1 – The latest stable version, with all the above features.
You can also download the development version (1.5-b1), which contains bugfixes and new features as I include them.
If you prefer, you can use the SVN repository. The releases are in the 'tags' subdirectory, the development version in 'trunk'.
Known Issues
- Admin SSL has 'erratic' behaviour when WordPress is not installed in the same directory as the WordPress URL. This is because of the way the WordPress canonical redirection functions work. I have not yet been able to overcome these.
The login page (and other admin pages) can be secured, but nothing on the site side.
Screenshots
Secure login page.
Secure plugins screen, with Admin SSL enabled.
design © bcg mmviii
Jan:
.
Good stuff, I’m glad it’s working! Your feature request is a great one – I’ll see what I can do
BCG
Dear all
The development version is now 1.0-rc1. It has many new features, which are listed in admin-ssl.php. It supports WPMU on Private SSL (still being tested, but seems ok so far), and has the option to secure custom pages. It has a new and much improved method of forcing HTTPS, and various bugfixes.
I am using it on my own blog, and will fix any bugs I come across. If any of you feel like installing it, and letting me know if you have any problems, that would be much appreciated.
BCG
Ben,
Well I’m definitely kicking the tires
will comment here if I find any problems.
Thanks,
Jan Dembowski
New development version released, 1.0-rc4. This adds full support for WordPress 2.2 and 2.3 (not that anyone still uses them, but hey). We’re getting close, people! All it needs now is more testing on the new WPMU and I’ll release 1.0.
BCG
bcg,
So far it looks like 1.0-rc4 is working great for our wpmu install. I’ll let you know if anything breaks. Thanks a *lot* for this.
jf
Although it works on our main blog perfectly, any sub blog still has non-SSL behaviour. Is it possible to activate the plugin, and then change the default to use a private certificate so that each new blog doesn’t have to enable and adjust settings themselves?
Hi John
Thanks for trying it out. The way to get Admin SSL to work across the whole site is to install it in the /mu-plugins/ directory, rather than /plugins/. Your layout should be:
/mu-plugins/admin-ssl.php
/mu-plugins/admin-ssl/… (other Admin SSL files)
Once installed and activated in there, the plugin is activated across all sub-blogs, because it uses site-wide options.
Hope that clears things up for you! I was going to wait until the release of 1.0 to give installation instructions for WPMU, perhaps I shouldn’t've waited
.
BCG
Hot dog, bcg! Yup, works fine now. A little confused when I didn’t see admin-ssl show up under the plugins tab, but there it is under site admin. My first wpmu install, can’t you tell.
Anyway, thanks again so much for the plugin.
Hi John, glad it’s working for you now! Thanks for the feedback and encouragement
.
Ben,
Just shot you off an e-mail. It’s all good, just seeing some odd errors in my log file.
Thanks,
Jan Dembowski
Ben it is working fine on 2 WPMU installs (one 1.3.3 and one 1.5 RC) so I would have to say it is fine
Perhaps this has been covered already, however I wanted to know if it is possible to stop admin-ssl adding https to images added via the “create new post” option. The only way I can see to get rid of the “s” is to use an external editor (although if one goes back into editing the post via the web, the links will appear to still be secure, however if no changes are made via the web, the links will actually not be secure). Does this make sense?
Drumbo:
Thanks for your post – I have seen this problem. Unfortunately WordPress seems to insert relative, rather than absolute links. The only way to solve this is to use the development version of the plugin (currently 1.0-rc10), which is very stable and about to be released. If you install the dev version, go to the Admin SSL config page, and remove ‘wp-admin/’ from the additional pages, this will make the images work again.
The new behaviour of Admin SSL is NOT to secure ALL admin pages by default, but only wp-login.php and wp-admin/profile.php. This is because of speed issues, and because there is no need in most situations to secure every single admin page. It also has the advantage of fixing this annoying image bug!
Cheers
BCG
Hi, Thanks for the response. Will give the rc version a whirl
I have released version 1.0! Thank you for all who have helped test this version, and who have suggested features – Chris Pepper, Jan Dembowski, Mou and Trent especially.
If you have been using any development versions of Admin SSL between 0.72 and 1.0, please reset your Admin SSL database options before or immediately after installing version 1.0, or you will get a redirect error
.
BCG
You have done a fabulous job on Admin SSL! Your work is much appreciated, and I like the new options in release 1.0.
I am having a small problem and can’t quite figure out how to fix it. I have added custom pages and when I turn on debug, I can see that it is adding 2 forward slashes when it uses the custom pages which breaks the links. Any chance you have a suggestion for a fix?
Thanks!
Ryan
Hi. You’re plugin looks like exactly what I need, but I am cautious…. since it sounds like some folks may be having problems with the new release. Also, I am only interested in securing the log-in page. Is it possible to limit the plug-ins uses to just that?
And, yes, in case you are wondering, I am a complete novice with these particular things.
Any help appreciated. Thanks!
Hi there
The new release works fine, as long as you don’t have one of the cache plugins installed
. The redirection problem mentioned in the previous comment before yours will only occur if you use the ‘use a different blog url than the installation directory’ feature.
Hope that helps! Many people, including myself, use this on our blogs successfully. To secure the minimum number of pages (wp-login.php and profile.php), simply delete all the entries in the ‘Additional URLs’ box on the config page.
BCG
Wonderful plugin! Many thanks indeed!
I did run into one issue though. In a peculiar application, some of the file links on the page were NOT https. (These were some java script links.)
Today I noticed a plugin (http://wordpress.org/extend/plugins/https-for-wordpress/) mentioning this issue.
Do you plan a fix to this bug? (Perhaps I have to install the other plugin meanwhile.)
Again, much thankful for your hard work. I am enjoying your plugin very much! (Hopefully, so do some visitors to my site.)
Hi Peter
Thanks for using the plugin and posting – I’m glad you’re finding it helpful! The ‘bug’ you mention is not really a bug in Admin SSL, but in the plugins themselves that aren’t able to distinguish between HTTP and HTTPS.
If plugins load CSS or JavaScript dynamically, rather than including them in the page HTML, then there is no way I can find for Admin SSL to change the links to be HTTPS. I have been looking into it, but I just can’t find a way!
BCG
Ben, thanks again for the hard work on this plugin and for working with me on securing just the pages that need it. It is working great on WPMU both version now without a hitch and page loads in the admin are 4 times + faster without every page being secured. I like that I can even add “plugin” generated pages to secure
I am also happy to help you and donating something next!
as soon as i got to enable the plugin, the server will reply that my site sent an invalid error code ., error: -12263 whats that mean?
Hi Joseph
The problem is with your SSL certificate installation, rather than Admin SSL. Try here:
http://howtoforge.com/forums/showthread.php?t=18118
Or contact your hosting company for more information.
BCG
Hi BCG,
Just want to say “thank you”. It’s a great and valuable plug-in.
Hi,
today I installed your plugin (WP ‘automatically’ updated it to 1.0.4, so I should have the latest version, I think). The problem is that I am getting
The page isn’t redirecting properly
Iceweasel has detected that the server is redirecting the request for this address in a way that will never complete.
There should be no problem with SSL. I am using private SSL and when accessing the admin section of my webpage with https, everything works fine. The error I am getting only on the pages that are should be secured (wp-login.php and wp-admin/profile.php), for example when I do log-out.
Oops… stupid me didn’t read fully to post my issues here. I already wrote a nice long write-up of an issue I’m having with some weird redirecting issues when using Shared SSL in which the “/wp-” portion of the URL is being dropped. I posted all the details at http://wordpress.org/support/topic/178602.
Looks like a nice plugin. Now only if it would play nicely.
Sounds like there are some funny redirections going on here, perhaps introduced with 1.0.4.
If you could reset your options (instructions on the Reset page above), and then try, to make sure it isn’t a strange config option problem (that’s happened before).
If it still doesn’t work, could you enable debug mode, following the instructions in the FAQ? Then follow the steps you are having trouble with, and email me the debug log file (webmaster AT kerrins DOT net), which will enable to pinpoint where the error is going on.
Cheers
BCG
Is it possible to password-protect the whole site with this plugin? If so, how?
Antonio:
Sadly not – the best way to do that is to set the blog address to https:// – then WordPress itself will force the whole site to be HTTPS.
BCG
Hi,
This is probably a bit too on the edge, however I have svn’d the latest version of wordpress (which is 2.6 bleeding2) and I notice that the admin-ssl plugin is now doing the redirects the whole time.
Is there any possibility of getting an idea on how to fix this?
Thanks
hi Ben,
thanks for this great plugin. i installed it with no problems at all.
i wonder, can we make a rewrite rule that shuttles all traffic to wp-admin to the secure host?
i’m trying to follow the instructions on http://codex.wordpress.org/Administration_Over_SSL but no luck.
my wordpress address is: http://www.myexample.com/wordpress/
thanks a lot
Drumbo:
I’ll take a look, but the problem could be with WP 2.6 of course!
Soyuz:
Try adding ‘wp-admin/’ to the ‘Additional URLs’ box on the Admin SSL config page.
BCG
Hello Ben, thanks for this great plugin. i installed it but I have problems.
I installed last version 1.0 of your plugin and last WPMU 1.5.1
I upload admin-ssl.php to /mu-plugins and rest of files to /mu-plugins/admin-ssl
I go to Site Admin, Admin SSL and I check “Secure my site with SSL”.
My url blog is like http://blogs.company.com and if I try to login works 100% but I create another blog (http://blogs.company.com/blogtest1) when I try to login I get Error 404 Not Found.