Comments for bcg http://www.kerrins.co.uk/blog Thu, 04 Dec 2008 08:19:40 +0000 http://wordpress.org/?v=2.6.5 Comment on Admin SSL by bcg http://www.kerrins.co.uk/blog/admin-ssl/#comment-1587 bcg Wed, 26 Nov 2008 08:27:22 +0000 http://www.kerrins.co.uk/blog/?page_id=128#comment-1587 @Shane: Thanks very much - I'll have a look into it! BCG @Shane:

Thanks very much - I’ll have a look into it!

BCG

]]> Comment on Admin SSL by Shane Hartman http://www.kerrins.co.uk/blog/admin-ssl/#comment-1586 Shane Hartman Tue, 25 Nov 2008 22:51:35 +0000 http://www.kerrins.co.uk/blog/?page_id=128#comment-1586 The plugin is great. I found one issue wth version 1.3.2. If you are using nextgen gallery and you select show slide show, it invokes the jw image rotator (flash) with an url feed like http://talon.bogometer.com/wp/wp-content/plugins/nextgen-gallery/nggextractXML.php?gid=7 This will invoke the nextgen gallery plugin file nggextractXML.php. It will go for wp-load.php in 2.6 which causes the init function of admin_ssl in https.php to run. That sets up as_ob_handler to run later as an output filter. When as_ob_handler is subquently called, the routine get_option (for get_option(”home”) or get_option(”siteurl”)) is not loaded for some reason. That causes the generation of the xml to fail for nextgen and so no slide show I kludged around it with if (!defined(’get-option’)) return $buffer; But you may want to look into it. The plugin is great. I found one issue wth version 1.3.2. If you are using nextgen gallery and you select show slide show, it invokes the jw image rotator (flash) with an url feed like

http://talon.bogometer.com/wp/wp-content/plugins/nextgen-gallery/nggextractXML.php?gid=7

This will invoke the nextgen gallery plugin file nggextractXML.php.

It will go for wp-load.php in 2.6 which causes the init function of admin_ssl in https.php to run. That sets up as_ob_handler to run later as an output filter. When as_ob_handler is subquently called, the routine get_option (for get_option(”home”) or get_option(”siteurl”)) is not loaded for some reason. That causes the generation of the xml to fail for nextgen and so no slide show

I kludged around it with

if (!defined(’get-option’)) return $buffer;

But you may want to look into it.

]]> Comment on Admin SSL by Extra Pepperoni » Drupal? http://www.kerrins.co.uk/blog/admin-ssl/#comment-1580 Extra Pepperoni » Drupal? Tue, 18 Nov 2008 05:11:49 +0000 http://www.kerrins.co.uk/blog/?page_id=128#comment-1580 [...] IPs for blog management. No, I don’t want to use funky ports to make the SSL vhosts work. The Admin-SSL plug-in can use a different SSL prefix (”Shared SSL”) with regular WordPress, but not [...] [...] IPs for blog management. No, I don’t want to use funky ports to make the SSL vhosts work. The Admin-SSL plug-in can use a different SSL prefix (”Shared SSL”) with regular WordPress, but not [...]

]]> Comment on Admin SSL by John Biethan http://www.kerrins.co.uk/blog/admin-ssl/#comment-1576 John Biethan Fri, 14 Nov 2008 20:52:48 +0000 http://www.kerrins.co.uk/blog/?page_id=128#comment-1576 No I cannot verify the "lock" at the bottom right using FireFox indicating that the connection is not secure. The test setup on the VPS with the Shared SSL Cert on PodVenturesMedia.com a) we are testing hush-t-scape.com/wp-admin b) the "umbrella" company is podventuresmedia.com so the SSL is issued to it and NOT to the particular URL being tested. It is a "shared SSL" cert. c) there are MANY URLs on the VPS with their own account and under the company - that will use this plugin (assuming it works). 1) We are wanting to use the plugin with the Shared SSL Cert for any of the WordPress sites on the VPS. 2) We're only needing to protect the login and as the plugin has been designed to do. Other possibly useful information: And when I logout, the URL is: https://hush-t-scape.com/wp-admin/ and with a "lock" in FireFox and on the screen with the expected Warning: Unknown: open_basedir restriction in effect. When I attempt to log back in at http://hush-t-scape.com/wp-admin/ It logs me in automatically without asking for my password which is not been set to be "saved." ??? Note: Under the settings for the Admin SSL plugin and for the Shared SSL URL Per our tech support at our VPS hosting company, it is "https://hush-t-scape.com/wp-admin. They said that although the cert. is issued to podventuresmedia.com which is the main site on the VPS and our company URL, the plugin's Shared SSL URL setting should be set in Hush-T-Scape.com for the site that's using the plugin: https://hush-t-scape.com/wp-admin. I really do appricate your work on the plugin and your response to my email. John No I cannot verify the “lock” at the bottom right
using FireFox indicating that the connection is not secure.

The test setup on the VPS with the Shared SSL Cert on PodVenturesMedia.com
a) we are testing hush-t-scape.com/wp-admin
b) the “umbrella” company is podventuresmedia.com so the SSL is issued to it and NOT to the particular URL being tested. It is a “shared SSL” cert.
c) there are MANY URLs on the VPS with their own account and under the company - that will use this plugin (assuming it works).

1) We are wanting to use the plugin with the Shared SSL Cert for any of the WordPress sites on the VPS.
2) We’re only needing to protect the login and as the plugin has been designed to do.

Other possibly useful information:
And when I logout, the URL is:
https://hush-t-scape.com/wp-admin/ and with a “lock” in FireFox and on the screen with the expected Warning: Unknown: open_basedir restriction in effect.

When I attempt to log back in at http://hush-t-scape.com/wp-admin/
It logs me in automatically without asking for my password
which is not been set to be “saved.” ???

Note:
Under the settings for the Admin SSL plugin and
for the Shared SSL URL
Per our tech support at our VPS hosting company,
it is “https://hush-t-scape.com/wp-admin.

They said that although the cert. is issued to podventuresmedia.com
which is the main site on the VPS and our company URL,
the plugin’s Shared SSL URL setting should be set in Hush-T-Scape.com for the site that’s using the plugin:
https://hush-t-scape.com/wp-admin.

I really do appricate your work on the plugin and
your response to my email.

John

]]> Comment on Admin SSL by bcg http://www.kerrins.co.uk/blog/admin-ssl/#comment-1575 bcg Fri, 14 Nov 2008 08:47:12 +0000 http://www.kerrins.co.uk/blog/?page_id=128#comment-1575 Hi John The default behaviour of Admin SSL is to secure the login process and user profile pages, not the entire wp-admin folder. It is possible to do the latter, but I felt the performance hit is not worth securing every single page, but only those with passwords/confidential information on. Can you confirm that the login process is secured with your Shared SSL? bcg Hi John

The default behaviour of Admin SSL is to secure the login process and user profile pages, not the entire wp-admin folder.

It is possible to do the latter, but I felt the performance hit is not worth securing every single page, but only those with passwords/confidential information on.

Can you confirm that the login process is secured with your Shared SSL?

bcg

]]> Comment on Admin SSL by John Biethan http://www.kerrins.co.uk/blog/admin-ssl/#comment-1574 John Biethan Wed, 12 Nov 2008 18:11:26 +0000 http://www.kerrins.co.uk/blog/?page_id=128#comment-1574 I'm testing this plugin on our VPS with a shared SSL cert. The shared SSL cert. is attached to the main domain on our VPS, PodVenturesMedia.com (a WordPress site). The plugin version is 1.3.2. My Browser is FireFox v3.0.3. Under the Admin SSL settings page, the Shared SSL URL is: https://podventuresmedia.com/wp-admin/ The test site on the VPS is Hush-T-Scape.com running WordPress 2.6.3. When I log into the dashboard at http://www.hush-t-scape.com the dashboard opens but without an SSL lock. When I try to log into https://www.hush-t-scape.com (securely) I get giberish as expected. Any help you could provide would be greatly appricated as we'd like to use this plugin and see it's value in securing a WordPress site. John I’m testing this plugin on our VPS with a shared SSL cert.
The shared SSL cert. is attached to the main domain on our VPS, PodVenturesMedia.com (a WordPress site).

The plugin version is 1.3.2.
My Browser is FireFox v3.0.3.
Under the Admin SSL settings page, the
Shared SSL URL is: https://podventuresmedia.com/wp-admin/

The test site on the VPS is Hush-T-Scape.com running WordPress 2.6.3.
When I log into the dashboard at http://www.hush-t-scape.com
the dashboard opens but without an SSL lock.

When I try to log into https://www.hush-t-scape.com (securely)
I get giberish as expected.

Any help you could provide would be greatly appricated
as we’d like to use this plugin and see it’s value in securing
a WordPress site.

John

]]> Comment on Admin SSL by Kenn http://www.kerrins.co.uk/blog/admin-ssl/#comment-1573 Kenn Tue, 11 Nov 2008 14:45:35 +0000 http://www.kerrins.co.uk/blog/?page_id=128#comment-1573 Great, thank you! Great, thank you!

]]> Comment on Admin SSL by bcg http://www.kerrins.co.uk/blog/admin-ssl/#comment-1572 bcg Tue, 11 Nov 2008 10:11:59 +0000 http://www.kerrins.co.uk/blog/?page_id=128#comment-1572 @Kenn: This could work - but only for Private SSL. I'll see what I can do for the next release - I need to check compatibility with WP 2.7 as well. BCG @Kenn:

This could work - but only for Private SSL. I’ll see what I can do for the next release - I need to check compatibility with WP 2.7 as well.

BCG

]]> Comment on Admin SSL by Kenn http://www.kerrins.co.uk/blog/admin-ssl/#comment-1569 Kenn Sun, 09 Nov 2008 18:36:53 +0000 http://www.kerrins.co.uk/blog/?page_id=128#comment-1569 Great plugin, thanks. I have one request though (and it may already be possible): Can this be toggled on and off via a constant in wp-config? I do all my development locally before deploying to production servers and frequently take copies of the production databases for local use. When I do this, my Admin SSL settings are obviously enabled on my dev environment where I don't have SSL set up, as it isn't needed. I'm envisioning something like a boolean WP_ADMIN_SSL definition. This will allow users to wrap it in conditionals and only have it enabled on certain environments (by checking the value of $_SERVER['HTTP_HOST'], for example), and not use it when it isn't desirable. (I realize, of course, that I can simply set up SSL locally as well, but I think a wp-config option would a much more practical solution.) Thanks. Feel free to e-mail me if you have any questions or need clarification about this use case. Great plugin, thanks. I have one request though (and it may already be possible): Can this be toggled on and off via a constant in wp-config?

I do all my development locally before deploying to production servers and frequently take copies of the production databases for local use. When I do this, my Admin SSL settings are obviously enabled on my dev environment where I don’t have SSL set up, as it isn’t needed.

I’m envisioning something like a boolean WP_ADMIN_SSL definition. This will allow users to wrap it in conditionals and only have it enabled on certain environments (by checking the value of $_SERVER['HTTP_HOST'], for example), and not use it when it isn’t desirable.

(I realize, of course, that I can simply set up SSL locally as well, but I think a wp-config option would a much more practical solution.)

Thanks. Feel free to e-mail me if you have any questions or need clarification about this use case.

]]> Comment on Admin SSL by bcg http://www.kerrins.co.uk/blog/admin-ssl/#comment-1563 bcg Mon, 03 Nov 2008 22:14:27 +0000 http://www.kerrins.co.uk/blog/?page_id=128#comment-1563 @Mike Absolutely - if you have Private SSL you can secure individual URLs - that is why the box is called 'Additional URLs' rather than 'Additional Pages'. So, if you wanted to secure site.com/blog/some-secure-page/ you would add 'some-secure-page/' to the Additional URLs box. BCG @Mike

Absolutely - if you have Private SSL you can secure individual URLs - that is why the box is called ‘Additional URLs’ rather than ‘Additional Pages’.

So, if you wanted to secure site.com/blog/some-secure-page/ you would add ’some-secure-page/’ to the Additional URLs box.

BCG

]]>