Home | Setup | FAQ | History | Reset
Welcome to the homepage of the Admin SSL plugin for WordPress.
For a history of the plugin, please go here.
For setup instructions, please go here.
If you are having problems, please read the FAQ before posting.
If you need to reset Admin SSL, please go here.
The latest release, 2.0, supports WordPress 3.0+. Please note that if you upgrade from a previous version, SSL support will be disabled after the upgrade. This is due to the large coding changes required to support WordPress 3.0+.
Please also note that support for Shared SSL has been removed – if you follow this plugin you will know my hosting provider removed it so I can no longer test it. So in order to make the plugin work with 3.0+ I have had to remove Shared SSL support.
If I could be cheeky, and you would like to make a donation (for all my hard developing!), please use the PayPal donate button below:
Features
- Forces SSL on all pages where passwords can be entered.
- Works with Private SSL only.
- Custom additional URLS (e.g. wp-admin/) can be secured through the config page.
- You can choose where you want the Admin SSL config page to appear!
- Works on WordPress 3.0 – 3.1.1; for previous versions of WordPress please use version 1.4.1, but note it is no longer supported – you should upgrade to the latest WordPress version.
- Other options can be defined on the new configuration page.
- Reset, debug and test modes for troubleshooting.
Downloads
The following downloads are hosted by wordpress.org.
2.0 – The latest stable version, with all the above features.
1.4.1 – The previous stable version, works with WordPress up to 2.9 and supports Shared SSL. (NB the only way I could get Admin SSL to work in WP 2.6+ was to get it to disable the new WordPress authentication cookies, and use the ones from 2.5.1. I personally prefer SSL than the cookie weirdness of 2.6+, but it's up to you.)
If you prefer, you can use the SVN repository. The releases are in the 'tags' subdirectory, the development version in 'trunk'.
I offer as much support as I can, but this is an activity I do in my spare time, so please be patient!
Known Issues
- Admin SSL has 'erratic' behaviour when WordPress is not installed in the same directory as the WordPress URL. This is because of the way the WordPress canonical redirection functions work. I have not yet been able to overcome these.
- The login page (and other admin pages) can be secured, but nothing on the site side.
Screenshots
Secure login page.
Secure plugins screen, with Admin SSL enabled.
design © bcg mmxi
@RedGecko
Thanks I’ll look at adding this to the source.
bcg
I have admin-ssl installed. It seems that it’s not possible to open any blogpost via https, but only via http. Is this a know issue of admin-ssl?
Can’t admin-ssl just ignore the url if it’s already secure?
I run into this problem because I also use a Twitter plugin. When I mark a post to be send to Twitter, it automatically created a bit.ly shortcut to the https-url of the blogpost because I’m logged in and working via https.
Hi again,
I found that wpmu-plugin domain mapping adds two actions:
add_action( ‘pre_option_siteurl’, ‘domain_mapping_siteurl’ );
add_action( ‘pre_option_home’, ‘domain_mapping_siteurl’ );
Admin SSL does not add these actions, but some others and some filters.
What I am wondering is how Admin SSL does the redirect to ssl, can you point me to the correct place in the source please?
Domain mapping does it pretty simple, it rewrites it like this:
$protocol . $domain . $current_blog->path
where protocol is https:// or http://
It seems that Admin SSL and Domain mapping is doing redirects that “compete”. Example: I have b.uib.no wpmu install, and test.b.uib.no wants to be mapped to test.com using Domain mapping plugin. I don’t know which one does the first redirect, but it seems this is what happens:
..
AS redirects to https://test.b.uib.no/wp-admin
DM redirects to https://test.com/wp-admin
AS redirects to https://test.b.uib.no/wp-admin
DM redirects to https://test.com/wp-admin
etc.
I have the same exact issue as Jeremiah… any resolution to this?
Jeremiah
4 May 2009 at 10:37pm
I am using this on a WP install for a client. Whoever originally installed wordpress didnn’t install WP in the root directory, but rather the directory /wp. but WP publishes to the Root. So if I want to go to the admin I type domain.com/wp/wp-admin. If I want to visit the site I type domain.com.
When I turn on admin SSL it forces a redirect of domain.com -> domain.com/wp/ which produces a 404. It also does a weird rewrite of the URLs in additional URLs. if my URL is domain.com/additional-URL/ it rewrites the URL domain.com/wpditional-URL Notice how it truncates part of the address as it places in the WP.
My question is there any way to get the plugin to ingnore the /wp/ for page level enforcement? I really don’t want to move the WP install as there would be lots of referential issues I would have to untie.
Thanks for the help
“Admin SSL has ‘erratic’ behaviour when WordPress is not installed in the same directory as the WordPress URL. This is because of the way the WordPress canonical redirection functions work. I have not yet been able to overcome these.
The login page (and other admin pages) can be secured, but nothing on the site side.”
so this is to say then that since my site is setup with a static front page at annamayer.com and that the loop is at annamayer.com/news and my blog is installed at annamayer.com/ibablog that it will not work. correct?
@Brian
Yeah – on the FAQ you’ll see that this is known, but there’s nothing I can do about it, I’ve worked long and hard to try and fix it, but I haven’t managed it so far.
bcg
I installed admin-ssl on my server at http://www.waterswebshops.com yesterday and it worked fine.
Today, we upgraded to PHP 5.2.9 (from PHP 4.4.9) and now I’m getting this error when I turn admin ssl on:
Warning: Cannot modify header information – headers already sent by (output started at /home/watescom/public_html/wp-admin/admin-header.php:17) in /home/watescom/public_html/wp-content/plugins/admin-ssl-secure-admin/admin-ssl.php on line 125
(I turned admin ssl off in the first place because, after upgrading, I was getting an endless redirection and ended up completed uninstalling the plugin (including removing the settings from the database via phpmyadmin.
Can you help figure out how to make the plugin work?
Thank you!
I’m having problems with this plugin and WP2.8, I cannot access the admin page in any way (well, deinstaling the plugin).
And I’ve seen on http://plugincheck.bravenewcode.com/ that your plugin is not working on 2.8 because of some harcoded text, just as an info.
If you need, I’ve a debug file.
Any idea?
Thanks in advance
@JBrinx
Thanks, I’ll look into it – not had much time recently to do any coding at all, sorry folks!
bcg
I can confirm that Admin SSL becomes non-functional in WP 2.8.
I had to turn off the plug-in. each time I would add an image link to a URL on my own server, something there would “fix” the links to HTTPS in the POST action, and since my SSL cert is not signed, nobody could see the images.
Yes, I could shorten the links to relative ones and do a lot of other tricks I suppose, but this is just too weird and too much of a hassle. I’m happy with the fact the admin interface (and with it the entire blog) is available via the https, but I’m doing away with the automatic redirection, it’s just too much of a hassle.
Hey Guys!
I am using both the Admin-SSL and CFormsII plug-ins on a site I’m building. Both plug-ins work great separately, but when I try to add the SSL to a page that uses a form, the form will no longer submit. Somehow when the page is directed to use https the form acts like it submits, but it doesn’t
Any help would be greatly appreciated!
Thanks!
~SarahB
Hi guys
I am aware that Admin SSL has stopped working in WordPress 2.8, I will hopefully have some time over the weekend to look into it and get it working again.
Cheers
bcg
Hi guys
I’ve made a couple of updates to the code, and released 1.5-b1 – it’s installed on my blog and seems to be working fine for me, please could you confirm whether or not it’s working for you, and if not email me a debug file?
Cheers
bcg
Uploaded it into plugins folder, but once I activate it, just goes round in a page redirection loop. Don’t get a chance to set it up for shared SSL.
Thanks
Rob
Hi Ben,
Where can I find the download link for the 1.5-b1 release? I hope I’m not missing something right in front of me
Thanks!
~SarahB
I have found a problem when using Admin SSL. I cannot upload files using the flash uploader. Other problems do not exist, and they are all fine. Thank You
@Robz
Please try one of the reset methods, and do the setup again.
@SarahB
I’ll add a download link – thanks for letting me know, it’ll be the ‘development version’ above.
@JCNetworks
Thanks for letting me know, I’ll look into it.
bcg
Still having the same redirect problem (reseting the config by all the ways). I’ve a debug file, if needed.
Greets,
Jbrinx
I’ve tried first three reset options. Managed to re-install and set up with shared server details, but then I can’t log out of WordPress. It keeps telling me to try again. If I delete browser cache, cookies and try to log in again, I just get endless redirections.
Robert
Reset using first three options. Re-installed and entered shared SSL details and all seemed fine, but then could not log out of WordPress. Cleared cache, cookies etc, but then when tried to log in again, just got redirected again.
Robert
Hello again Ben,
I have installed the “development version” of your plug-in and I’m still having the same troubles that I mentioned above. Did the new version have any patches for working with CFormsII? Sorry for bugging you with this, I’ve just ran out of ideas. Please let me know if you have any suggestions, I would greatly appreciate it!
Thanks!
~SarahB
It just goes round and round in a loop for me too.
I get the same problem as robz.
Once I hit activate I have to login again and I get the redirection loop without entering anything.
Then when I delete all the cookies I can enter the setup and activate it and enter my information. But after I entered it (correctly numerous times) I cant login anymore. Its really frustrating :/
After updating to WordPress 2.8 and the 1.5-b1 version of admin-ssl, I started seeing endless redirects when I tried to log in. admin-ssl would redirect to admin-ssl-cookie.php, but that would in turn redirect back to wp-login.php, which would just send the browser back to admin-ssl-cookie.php. The only additional configuration setting I made (and this had been done back in the WP 2.7/Admin-SSL 1.4 timeframe where it was working just fine) was to also protect wp-admin/.
The only way I found to get it to work was to modify includes/cookies.php and remove the “&& redirect_to() !== “wp-admin/”" condition such that admin-ssl-cookie.php is given a redirect to wp-admin instead of wp-login.php. I don’t know why it stopped working in 2.8 and required this change, so if you have any insights, I’d greatly appreciate it.
I have the same problem as Robz. Activating the plugin leads to a redirect loop. Rest methods 2-4 didn’t solve the problem. I have WordPress 2.8 with Admin SLL 1.5-b1. The plugin worked fine with former WordPress versions.
So BrianB you solved that redirection removing those parts? Could you specify a little bit more?
Thanks,
JBrinx
Any ETA on a 2.8 compatible update? Thanks for your hard work!
You say version 1.51b works with wordpress 2.8, but there is no link to download it here anywhere, and nowhere on the WP repository to get any version beyond 1.41. Even in “other versions” it shows past versions, but nothing beyond 1.41.
Where can we get this?
With the plugin activated, every time I access a https address it automatically forwards to http. Any ideas? I’m using wordpress 2.7