Home | Setup | FAQ | History | Reset
Welcome to the homepage of the Admin SSL plugin for WordPress.
For a history of the plugin, please go here.
For setup instructions, please go here.
If you are having problems, please read the FAQ before posting.
If you need to reset Admin SSL, please go here.
The latest release, 2.0, supports WordPress 3.0+. Please note that if you upgrade from a previous version, SSL support will be disabled after the upgrade. This is due to the large coding changes required to support WordPress 3.0+.
Please also note that support for Shared SSL has been removed – if you follow this plugin you will know my hosting provider removed it so I can no longer test it. So in order to make the plugin work with 3.0+ I have had to remove Shared SSL support.
If I could be cheeky, and you would like to make a donation (for all my hard developing!), please use the PayPal donate button below:
Features
- Forces SSL on all pages where passwords can be entered.
- Works with Private SSL only.
- Custom additional URLS (e.g. wp-admin/) can be secured through the config page.
- You can choose where you want the Admin SSL config page to appear!
- Works on WordPress 3.0 – 3.1.1; for previous versions of WordPress please use version 1.4.1, but note it is no longer supported – you should upgrade to the latest WordPress version.
- Other options can be defined on the new configuration page.
- Reset, debug and test modes for troubleshooting.
Downloads
The following downloads are hosted by wordpress.org.
2.0 – The latest stable version, with all the above features.
1.4.1 – The previous stable version, works with WordPress up to 2.9 and supports Shared SSL. (NB the only way I could get Admin SSL to work in WP 2.6+ was to get it to disable the new WordPress authentication cookies, and use the ones from 2.5.1. I personally prefer SSL than the cookie weirdness of 2.6+, but it's up to you.)
If you prefer, you can use the SVN repository. The releases are in the 'tags' subdirectory, the development version in 'trunk'.
I offer as much support as I can, but this is an activity I do in my spare time, so please be patient!
Known Issues
- Admin SSL has 'erratic' behaviour when WordPress is not installed in the same directory as the WordPress URL. This is because of the way the WordPress canonical redirection functions work. I have not yet been able to overcome these.
- The login page (and other admin pages) can be secured, but nothing on the site side.
Screenshots
Secure login page.
Secure plugins screen, with Admin SSL enabled.
design © bcg mmxi
Thanks so much. This is a huge help!
Ben,
Much thanks! I was going to poke at it, but my PHP is not up to the task.
Except for three small changes for me, it looks good. If I run into any issues I’ll post a comment here.
Thanks,
Jan Dembowski
Thanks for taking the time to update the plugin! It would be great if this plugin would play nicely with the ldap auth plugin located @ http://sourceforge.net/forum/forum.php?forum_id=756461 (or the ldap plugin playing nicely with admin ssl plugin). I guess this plugin isn’t really designed for WPMU, but it works good without the ldap plugin installed. I need both. i’ll keep researching but i might have to dive into the code when I have some time.
Thanks again
Thank you so much Ben, I was in the process of doing this myself, and had just realized that I didn’t have the time nor the skills.
Rossi
deejam:
If you get the chance or find a way to do this, let me know. It looks like it should be possible – but I don’t have an LDAP server to test it with I’m afraid!
Well I’ve managed to secure the dashboard by using the clean_url filter – but at the cost of a JavaScript error.
The problem is that the WordPress Stats plugin calls scripts and stylesheets from http://wordpress.com, and you can’t just switch to https! It’s up to the plugin provider to provide a secure url to their external files, I think.
So unless anyone has anything clever they can suggest, I’m not sure this one can be solved, short of disabling the stats plugin.
Hello,
I don’t find any one with the same problem i have so I hope i’ll find here some help, when I activate the plugin and try to access wp-admin, i get an error with firefox ( bad redirect ), if someone have any idea to fix this, it’ll be very helpful.
Thanks in advance.
Cheers,
DW
DispoWeb:
Are you using an old version of admin-ssl? This was the problem before I updated it to work with WP 2.5.
Or, if you are not using WP 2.5 please use the older version of admin-ssl, version 0.64.
In fact, I’ll update this site so that is made more clear.
BCG
Hello,
I’m using the new version of admin-ssl ( 0.67 ) and wordpress 2.5, it’s really very strange as problem, I don’t find anyone who has the same problem.
Cheers,
DW
DispoWeb:
Did you downloade it from the link, or the SVN repository? Sorry, I didn’t make clear before that the repository is my test version, as I try to fix the Dashboard problem, and so may not work.
Are you using shared or private SSL?
BCG
EDIT: try using the latest version from the repository – as I was testing it I had a redirection problem, when entering a non-https admin url having already logged in.
Hello,
Thanks for your reply, I donwloaded the plugin from your blog and i’m using a private SSL.
).
I can access to my website using https://www.mywebsite.com and https://www.mywebsite.com/wp-admin/ without the plugin but i get the redirection error when i activate it.
Can you drop me an email, I’ll send you the correct URL to see the error ( my english is not very well so it’s better to see the error yourself
Cheers,
DW
After updating from 2.3 to 2.5 and activating admin_ssl.php v0.67, I get redirect errors. It looks like it gets in a loop of redirecting from one fage to another. Removing the admin_ssl.php restores. Just in case I tried redownloading admin_ssl.php v0.67 again and uploading to plugins directory and I ran into same problem after activating. Clicking on a link in the admin area after activation seems to add extra /php/ directory in the target. My blog file is in http://www.mysite.org/php/my_blog/
Dear all
If you are experiencing problems with admin-ssl, please try downloading 0.70-b6. It is my latest development version, that I am using on my own blog, and seems to be working fine so far. I have made a lot of changes to the code, which is why I haven’t released it as a ‘stable’ version.
If you are using Shared SSL you MUST use this version of the plugin as it contains the fix to make admin-ssl work with Shared SSL under WordPress 2.5.
BCG
Hi,
Thanks for updating the plugin. I seem to have a problem though. When I’m editting a post and want to insert a link using WYSYWYG I only get an empty popup.
Any ideas?
Regards,
Joost
Joost:
As I said in the post, there is a problem with TinyMCE itself – you need to edit tiny_mce_config.php in order for it to work under SSL. Please go here:
http://trac.wordpress.org/attachment/ticket/6544/6544.2.diff
to see the patch that you need to apply in order for TinyMCE to work. I’ve applied it myself and there isn’t any problem.
BCG
Hi Ben
Thanks for this, you’ve saved me some work
Question though – do you have any inkling as to what it does to breaks the K2 AJAX comments? Ive suffered that problem since before 2.5, but assumed it was down to my customized theme.
Chances are fixing it probably won’t be too difficult – the problem I have is finding the time to debug…
Mou:
As you probably noticed when you left the comment, I managed to fix the problem!
I tracked it down to comments-ajax.php, lines 30 and 34. They clash with the output buffering used by admin-ssl. If you comment them out, then live commenting will work.
I haven’t had any problems yet, but I don’t like commenting out pieces of code – I’ve asked the K2 guys why there is output buffering there (I can’t see it myself), but no response.
BCG
Thanks so much for this! I hope you keep on updating it and really appreciate it!
BCG,
Thanks for stepping in! admin-ssl 0.64 is blocking comments on , so I was pleased to see you’re actively working on it.
FYI: When I create a new account on my test blog, it sends me to , instead of the correct (configured in the Shared SSL field, and working for admin access).
Have you considered changing the new account email link from http to https? I of course understand if you don’t want to touch this.
Thanks again!
Chris Pepper
Chris:
This is now fixed in 0.71.
BCG
I bcg, thanks first of all for this wordpress 2.5 plugin. I saw before that there is a fix for standard tinymce who comes with wp 2.5. I use http://wordpress.org/extend/plugins/tinymce-advanced/ (3.0 compatible with wp 2.5).
I would like to know if there is a fix also for this one. When i activate admin-ssl and i go to write page, icons of tinymce-advanced are broken even if maybe editor works correctly (i didn’t tested this..)
Thanks in advance
A neat idea, since I have a dedicated SSL on my site. However, when you engage SSL, it affects the WordPress 2.5′s visual editor negatively. The insert link window, for example, is blank, and spell check no longer functions.
Can you fix?
Disabling SSL restores this to normal operation.
Peace,
Gene Steinberg
Hi Gene:
Check out the ‘Known Issues’ section at the top of this post, which explains the problem and gives the solution.
Cheers
BCG
Hi,
Fantastic that you picked up this plugin and got it working! If I may request something – I have been trying to use WP-OPENID, however it does not play nice (unfortunately can’t be more descriptive than that) with admin-ssl.
Would be quite handy if it could be made to work!
Thanks again
I am just working out the changes to use this with the upcoming WPMU 1.5 release and just having some issues since the admin-ssl.php file has cannot be in a subdirectory and every other file can still be in the folder. Any clues? Much appreciated for reworking this plugin! That is great!
Trent