Home | Setup | FAQ | History | Reset
Welcome to the homepage of the Admin SSL plugin for WordPress.
For a history of the plugin, please go here.
For setup instructions, please go here.
If you are having problems, please read the FAQ before posting.
If you need to reset Admin SSL, please go here.
The latest release, 2.0, supports WordPress 3.0+. Please note that if you upgrade from a previous version, SSL support will be disabled after the upgrade. This is due to the large coding changes required to support WordPress 3.0+.
Please also note that support for Shared SSL has been removed – if you follow this plugin you will know my hosting provider removed it so I can no longer test it. So in order to make the plugin work with 3.0+ I have had to remove Shared SSL support.
If I could be cheeky, and you would like to make a donation (for all my hard developing!), please use the PayPal donate button below:
Features
- Forces SSL on all pages where passwords can be entered.
- Works with Private SSL only.
- Custom additional URLS (e.g. wp-admin/) can be secured through the config page.
- You can choose where you want the Admin SSL config page to appear!
- Works on WordPress 3.0 – 3.1.1; for previous versions of WordPress please use version 1.4.1, but note it is no longer supported – you should upgrade to the latest WordPress version.
- Other options can be defined on the new configuration page.
- Reset, debug and test modes for troubleshooting.
Downloads
The following downloads are hosted by wordpress.org.
2.0 – The latest stable version, with all the above features.
1.4.1 – The previous stable version, works with WordPress up to 2.9 and supports Shared SSL. (NB the only way I could get Admin SSL to work in WP 2.6+ was to get it to disable the new WordPress authentication cookies, and use the ones from 2.5.1. I personally prefer SSL than the cookie weirdness of 2.6+, but it's up to you.)
If you prefer, you can use the SVN repository. The releases are in the 'tags' subdirectory, the development version in 'trunk'.
I offer as much support as I can, but this is an activity I do in my spare time, so please be patient!
Known Issues
- Admin SSL has 'erratic' behaviour when WordPress is not installed in the same directory as the WordPress URL. This is because of the way the WordPress canonical redirection functions work. I have not yet been able to overcome these.
- The login page (and other admin pages) can be secured, but nothing on the site side.
Screenshots
Secure login page.
Secure plugins screen, with Admin SSL enabled.
design © bcg mmxi
it happened to me too. Richard, you have to reset the plugin by typing in the url to the reset php file in the plugin folder.
The problem arises when you choose to show the plugin settings in the Settings menu (if you opt for the Plugins menu everything works as expected).
A few times I also managed to make the plugin page show by reducing wordpress side menu (clicking on the two arrows) and then again clicking NEAR the two arrows just a few millimeters on the right of them. Passing over the mouse you probably should see a glitch indicating the ‘hidden’ menu. Anyway if you reset the plugin everything will be restored.
Cheers
@alde & @Richard
Switching between the Plugins and Settings menu works absolutely fine for me – It would be good track this bug down, if you could email me any further info?
Hi Ben,
I installed the plugin today, and since I did, when I click the log out link I get a message saying:
“You are attempting to log out of channeltom.com | blog
Please try again.”
Is this something you’ve seen or can fix?
Many thanks,
Tom
PS – other than this I love the plugin!
@Tom
No it isn’t – can you do the debug log thing (FAQ page) and email it to me? Make sure you do a log off with the log enabled, so I can get a better idea of what’s happening.
Cheers
bcg
I periodically end up in an infinite redirect loop using shared ssl where I am bounced between /wp-login.php on my secure site and my regular site.
I can get Admin SSL working again by renaming the admin-ssl-secure-admin plugin directory (thereby disabling it), logging into WordPress, renaming the admin-ssl-secure-admin directory back, and reactivating the plugin. After doing that I can logoff and on with no problems for some time (a day or two) before the problem comes back.
Any ideas?
WordPress v2.7.1
Admin SSL v1.4.1
@Mike
It would be really helpful if when this happens you could enable the debug mode and send me a debug log – it is impossible for me to track down these redirect bugs without that log file.
Thanks!
bcg
hi, thanks for the great plugin you wrote, but since wp 2.7.1 visitors cant comment on the blog.
Im gonna keep an eye on this for the next couple of days, but I disabled all plugins and then enable one by one, and everythings ok with out admin-ssl.
So, talk you back in two days to confirm.
@Maski
Thanks – let me know what you discover, if I get some time I’ll look into it myself as well. Obviously people can comment on my blog ok, and I use Admin SSL!
bcg
Yeah I now it sounds ackward, but maybe its one of those bugs that arise when two different plugins interact.
In my case I had no comments in the whole weekend, right now im testing in two different blogs, if I found anything ill post.
Everything seems to be working fine. Only if I go from Dashboard to Users i get the followin message:
Secure Connection Failed
http://www.shimshon9.com uses an invalid security certificate.
The certificate is only valid for *.ipower.com
(Error code: ssl_error_bad_cert_domain)
* This could be a problem with the server’s configuration, or it could be someone trying to impersonate the server.
* If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.
Any ideas why this is happening?
I’m having the same problems as Mike…
Shared SSL setup resulting in a redirect loop error:
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
My host tells me this is a problem with the plugin (probably a standard answer of theres).
Any ideas?
Pat
@Pat
What are your cookie settings like? If you could send me a debug log, that would be helpful – I use Admin SSL 1.4+ on both Private and Shared SSL setups, with WP 2.7.1, and don’t have any problems.
@Shimshon
Are you using Shared SSL setup? It sounds like you haven’t quite entered your settings correctly, and Firefox is complaining!
bcg
Hi bcg,
first let me thank you for this great plugin. I have the same problems as mike and pat.
Using WP 2.7.1 and AdminSSL 1.4.1 with shared SSL – ending in a redirect loop.
Did you need my debug log for diagnostics too? If so I will email it to you.
Thanks in advance,
Jens
@Jens
Thanks for the log – there is obviously a problem somewhere, but I think tracking it down is going to be tricky, given that it isn’t happening 100% of the time. I’ll get my thinking cap on!
Cheers
bcg
Hi bcg,
think, I found the solution to fix the fatal error caused by admin-ssl-test
Alter line 197 inside admin-ssl-test.php to:
require_once(“admin-ssl.php”);
Naturally this will only fix the test, not the loop…
Cheers,
Jens
Hey there,
this plugin is working great for me except that the login redirect is taking me back to http:// rather than https:// in the backend.
This is the redierct url https://www.fairgrounds.org.uk/wp-login.php?redirect_to=http%3A%2F%2Fwww.fairgrounds.org.uk%2Fwp-admin%2F
I added wp-admin/ to the secure list, but this makes no change, should I send you a log?
Thanks
Nathaniel
edit:
I should say that if i put the ‘s’ in the url in the backend, all seems to ork as it should
@Nathaniel
I’m not sure what you mean – do you mean the ‘s’ in ‘https’?
bcg
I’ll try to make it clearer;
when I first go to login to my admin:
http://www.fairgrounds.org.uk/wp-admin
the url is then automatically changed to:
https://www.fairgrounds.org.uk/wp-login.php?redirect_to=http%3A%2F%2Fwww.fairgrounds.org.uk%2Fwp-admin%2F
I enter my details and I am then taken to:
http://www.fairgrounds.org.uk/wp-admin/
I was assuming that the redirect should take me to:
https://www.fairgrounds.org.uk/wp-admin/
If I then log out I get:
https://www.fairgrounds.org.uk/wp-login.php?loggedout=true
an then log in with my details, I get:
https://www.fairgrounds.org.uk/wp-admin/
which is the correct ‘https’ prefix I should be expecting
I hope that makes sense,
Nathaniel
Hi there
I’ve got it Admin SSL working ok, except that I’m stymied by “Security Warnings” in both Firefox and IE on the page I want secured (Order page)
I’ve tried a test page at https://www.FlexiScreens.com/contact/test with almost zero content, but Error Warnings persist. I’ve also deactivated all plugins 1 by 1, no luck.
Any thoughts on what to try next, because I cannot ‘see’ WHAT the non-secure content is!
Hi Ben,
I think I found it:
Have a look at your quantcast stuff you implemented it via http:// (js and img).
The rest seems to be ok from my point of view.
/Jens
Hi all
Sorry I’m really busy atm with work – thanks Jens for looking into this for me! Nathaniel, can you send me a debug log for when you initially log in please? Obviously the first redirect is not working for some reason.
bcg
Hi Jens
Ok, will do that. My tech guy says pretty much every page/image reference needs to be HTTPS to eliminate the Security Warnings – and there is a problem with the Theme we are using which does not allow for relative URL’s – the menu’s are ALL forced to HTTP etc.
He says that this is the problem needing some work;
Anyway, will report on what happens next – success/failure etc.
@Ben
You could try using the ‘additional URLs’ feature of Admin SSL to secure some of these links? I usually use that feature only for admin stuff, but it should work site-side as well, particularly if you have private SSL.
bcg
Hi BCG
Yeah, tried that, but it then applies the HTTPS links to all pages!!! E.g. if I add the RSS ‘feed’ page to “Additional URLs” then the RSS feed is chnaged to HTTPS on ALL pages! That’s not optimal…
Cheers
Ben
Hi there
Well, Jens was partly right – changing Quantcast URL’s to HTTPS was part of it, but we also had to change the Google Analytics URL to HTTPS to resolve the problem of Security Warnings.
Thanks
Your plug-in seems to work great! I only have one minor concern. It seems that since installing your AdminSSL plug-in, that every image I upload includes a https URL. I have checked and can verify that the “/uploads” directory is not in the “URL LIST” section.
This happens each time I upload a picture with a blog posting i create.
Also, there seems to be an issue when the option “you must be logged in to post” is selected, when your AdminSSL plug-in is enabled.
There is no problem logging in, the issue comes when you try to log out. You get a message stating that you are attempting to log out with a link to try again!
@bamajr
Do you have the wp-admin/ folder in the additional URLs list?
bcg
Is there a way to force a wp menu use https
without adding all the pages to the secure urls options box?
Seems like Admin SSL can secure about 97% of the urls in the header but 100% have to be secured or the certificate fails and the lock icon shows up as broken.
The archives links in the header cannot be secured by Admin SSL so I added all of them up to 2011 because I don’t mind those being https.Is it harmful to just remove those from a wp header?
The wordpress shopping cart adds stuff to the header like a var base url that can’t be secured by this plugin either.
I had this working 100% and then I changed permalinks and now it isn’t 100% anymore.