Home | Setup | FAQ | History | Reset
Welcome to the homepage of the Admin SSL plugin for WordPress.
For a history of the plugin, please go here.
For setup instructions, please go here.
If you are having problems, please read the FAQ before posting.
If you need to reset Admin SSL, please go here.
The latest release, 1.5-b1, supports WordPress 2.8.
NB the only way I could get Admin SSL to work in WP 2.6+ was to get it to disable the new WordPress authentication cookies, and use the ones from 2.5.1. I personally prefer SSL than the cookie weirdness of 2.6+, but it's up to you.
If I could be cheeky, and you would like to make a donation (for all my hard developing!), please use the PayPal donate button below:
Features
- Works with WordPress 2.2 – 2.7 (using both Private and Shared SSL).
- Works with WordPress MU 1.3+ (using Private SSL only).
- Forces wp-login.php, wp-admin/profile.php and wp-admin/users.php to be secured. This cannot be turned off.
- Additional pages and directories to be secured (e.g. wp-admin/) can be defined on the configuration page.
- Other options can be defined on the new configuration page.
- Reset, debug and test modes for troubleshooting.
Downloads
The following downloads are hosted by wordpress.org.
1.4.1 – The latest stable version, with all the above features.
You can also download the development version (1.5-b1), which contains bugfixes and new features as I include them.
If you prefer, you can use the SVN repository. The releases are in the 'tags' subdirectory, the development version in 'trunk'.
Known Issues
- Admin SSL has 'erratic' behaviour when WordPress is not installed in the same directory as the WordPress URL. This is because of the way the WordPress canonical redirection functions work. I have not yet been able to overcome these.
The login page (and other admin pages) can be secured, but nothing on the site side.
Screenshots
Secure login page.
Secure plugins screen, with Admin SSL enabled.
design © bcg mmviii
I had to turn off the plug-in. each time I would add an image link to a URL on my own server, something there would “fix” the links to HTTPS in the POST action, and since my SSL cert is not signed, nobody could see the images.
Yes, I could shorten the links to relative ones and do a lot of other tricks I suppose, but this is just too weird and too much of a hassle. I’m happy with the fact the admin interface (and with it the entire blog) is available via the https, but I’m doing away with the automatic redirection, it’s just too much of a hassle.
Hey Guys!
I am using both the Admin-SSL and CFormsII plug-ins on a site I’m building. Both plug-ins work great separately, but when I try to add the SSL to a page that uses a form, the form will no longer submit. Somehow when the page is directed to use https the form acts like it submits, but it doesn’t
Any help would be greatly appreciated!
Thanks!
~SarahB
Hi guys
I am aware that Admin SSL has stopped working in WordPress 2.8, I will hopefully have some time over the weekend to look into it and get it working again.
Cheers
bcg
Hi guys
I’ve made a couple of updates to the code, and released 1.5-b1 – it’s installed on my blog and seems to be working fine for me, please could you confirm whether or not it’s working for you, and if not email me a debug file?
Cheers
bcg
Uploaded it into plugins folder, but once I activate it, just goes round in a page redirection loop. Don’t get a chance to set it up for shared SSL.
Thanks
Rob
Hi Ben,
Where can I find the download link for the 1.5-b1 release? I hope I’m not missing something right in front of me
Thanks!
~SarahB
I have found a problem when using Admin SSL. I cannot upload files using the flash uploader. Other problems do not exist, and they are all fine. Thank You
@Robz
Please try one of the reset methods, and do the setup again.
@SarahB
I’ll add a download link – thanks for letting me know, it’ll be the ‘development version’ above.
@JCNetworks
Thanks for letting me know, I’ll look into it.
bcg
Still having the same redirect problem (reseting the config by all the ways). I’ve a debug file, if needed.
Greets,
Jbrinx
I’ve tried first three reset options. Managed to re-install and set up with shared server details, but then I can’t log out of WordPress. It keeps telling me to try again. If I delete browser cache, cookies and try to log in again, I just get endless redirections.
Robert
Reset using first three options. Re-installed and entered shared SSL details and all seemed fine, but then could not log out of WordPress. Cleared cache, cookies etc, but then when tried to log in again, just got redirected again.
Robert
Hello again Ben,
I have installed the “development version” of your plug-in and I’m still having the same troubles that I mentioned above. Did the new version have any patches for working with CFormsII? Sorry for bugging you with this, I’ve just ran out of ideas. Please let me know if you have any suggestions, I would greatly appreciate it!
Thanks!
~SarahB
It just goes round and round in a loop for me too.
I get the same problem as robz.
Once I hit activate I have to login again and I get the redirection loop without entering anything.
Then when I delete all the cookies I can enter the setup and activate it and enter my information. But after I entered it (correctly numerous times) I cant login anymore. Its really frustrating :/
After updating to WordPress 2.8 and the 1.5-b1 version of admin-ssl, I started seeing endless redirects when I tried to log in. admin-ssl would redirect to admin-ssl-cookie.php, but that would in turn redirect back to wp-login.php, which would just send the browser back to admin-ssl-cookie.php. The only additional configuration setting I made (and this had been done back in the WP 2.7/Admin-SSL 1.4 timeframe where it was working just fine) was to also protect wp-admin/.
The only way I found to get it to work was to modify includes/cookies.php and remove the “&& redirect_to() !== “wp-admin/”" condition such that admin-ssl-cookie.php is given a redirect to wp-admin instead of wp-login.php. I don’t know why it stopped working in 2.8 and required this change, so if you have any insights, I’d greatly appreciate it.
I have the same problem as Robz. Activating the plugin leads to a redirect loop. Rest methods 2-4 didn’t solve the problem. I have WordPress 2.8 with Admin SLL 1.5-b1. The plugin worked fine with former WordPress versions.
So BrianB you solved that redirection removing those parts? Could you specify a little bit more?
Thanks,
JBrinx
Any ETA on a 2.8 compatible update? Thanks for your hard work!
You say version 1.51b works with wordpress 2.8, but there is no link to download it here anywhere, and nowhere on the WP repository to get any version beyond 1.41. Even in “other versions” it shows past versions, but nothing beyond 1.41.
Where can we get this?
With the plugin activated, every time I access a https address it automatically forwards to http. Any ideas? I’m using wordpress 2.7
Hello,
I installed your plugin yesterday in wordpress 2.7.1 and it seemed to work okay. I went to login this morning and got put in an infinite loop. I tried all your reset options via your faq page nothing worked so I deleted the plugin.
However it’s still forcing my wp-admin into https and if I try to go to it via http I get stuck in the infinite loop…how do I fix this…please help.
Hello, can you force just one specific page to go secure, or is it only by classification, such as pages, posts, etc.?
Dear all – I’m going to close this page for comments while I work on support for WordPress 2.8, I keep hoping I’ll have a day to do it, hopefully I’ll have some time in the next few days.
bcg
Dear all – my hosting company in their wisdom have decided to remove Shared SSL from the hosting plan – meaning I can no longer test that feature of Admin SSL. I have no idea how to test it now – if you have any ideas, please post them here, or email them to me. If you would be willing to do some testing for me, then please let me know – we would have to be on Skype or MSN at the same time for that to work, with me updating files and you testing them on your server.
bcg