Using central SSL'd login
-
Hi there
I’m trying to secure admin access to our multi domain mapped wordpress installation.
The current workflow is that a users logs in at:
http://site.userdomain.tld/wp-admin/
then gets 301 redirected to:
http://wordpress.our_ssl_enabled_domain.tld/wp-admin/userdomain/
They then end up at their user dashboard which is good.I’ve added support for https://wordpress.our_ssl_enabled_domain.tld/, so with a htaccess rule, can redirect like so:
# if you're not on the SSL enabled domain RewriteCond %{HTTP_HOST} !^wordpress\.our_ssl_enabled_domain\.tld # and you try to access the admin RewriteCond %{REQUEST_URI} ^.*/wp-admin # go to the ssl enabled admin path RewriteRule ^(.*)$ https://wordpress.our_ssl_enabled_domain.tld/wp-login.php [R=301,L]
This method loses the /userdomain/ variable as that needs to be given by this plugin so the user no longer ends up at their custom dashboard which is no good.
It’s not acceptable to have the user login over plain text at http://site.userdomain/wp-admin/ then get redirected back to https://wordpress.our_ssl_enabled_domain.tld/wp-admin/userdomain/ ask the login credentials have already passed in plain text over the wire.
Can you suggest how to handle this please?
http://wordpress.org/extend/plugins/wordpress-mu-domain-mapping/
- The topic ‘Using central SSL'd login’ is closed to new replies.