WordPress.org

Ready to get started?Download WordPress

Forums

Login With Ajax
Forced SSL support? (5 posts)

  1. landwire
    Member
    Posted 2 years ago #

    Hi there,
    does the plugin support forced SSL logins? I have these set in my config file:

    define('FORCE_SSL_ADMIN', true);
    define('FORCE_SSL_LOGIN', true);

    In addition I am using a security plugin Better WP Security which adds a rewrite rule to only give access to the wp-login.php with the key (here key123). wp-login.php?key123

    Is there a way to get your plugin working with those settings?
    Thanks,
    Sascha

    # BEGIN Better WP Security
    <IfModule mod_rewrite.c>
    RewriteEngine On
    
    RewriteRule ^login/?$ /landwire_wordpress/wp-login.php?key123 [R,L]
    
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
    RewriteRule ^admin/?$ /landwire_wordpress/wp-login.php?key123&redirect_to=/landwire_wordpress/wp-admin/ [R,L]
    
    RewriteRule ^admin/?$ /landwire_wordpress/wp-admin/?key123[R,L]
    
    RewriteRule ^register/?$ /landwire_wordpress/wp-login.php?key123&action=register [R,L]
    
    RewriteCond %{SCRIPT_FILENAME} !^(.*)admin-ajax\.php
    RewriteCond %{HTTP_REFERER} !^(.*)landwire.net/landwire_wordpress/wp-admin
    RewriteCond %{HTTP_REFERER} !^(.*)landwire.net/landwire_wordpress/wp-login\.php
    RewriteCond %{HTTP_REFERER} !^(.*)landwire.net/landwire_wordpress/login
    RewriteCond %{HTTP_REFERER} !^(.*)landwire.net/landwire_wordpress/admin
    RewriteCond %{HTTP_REFERER} !^(.*)landwire.net/landwire_wordpress/register
    RewriteCond %{QUERY_STRING} !^key123
    RewriteCond %{QUERY_STRING} !^action=logout
    RewriteCond %{QUERY_STRING} !^action=rp
    RewriteCond %{QUERY_STRING} !^action=register
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
    RewriteRule ^.*wp-admin/?|^.*wp-login\.php not_found [L]
    
    RewriteCond %{QUERY_STRING} ^loggedout=true
    RewriteRule ^.*$ /landwire_wordpress/wp-login.php?key123 [R,L]
    </IfModule>
    
    # END Better WP Security

    http://wordpress.org/extend/plugins/login-with-ajax/

  2. Marcus
    NetWebLogic Support
    Plugin Author

    Posted 2 years ago #

    what LWA does is use a SSL url if the WP function is_ssl() returns true, which should happen if you set up your constants above.

    I don't think you need to change anything to make that work. The only thing your rewrite rule might do is try to redirect AJAX calls, which wouldn't allow this to work.

  3. landwire
    Member
    Posted 2 years ago #

    Hey Marcus,

    that was such a quick answer! Thanks very much.

    As far as I understand your answer:

    1. It will work with SSL.
    2. When I use the rewrite rules then it will not work.

    Is there a way of telling the rewrite rule to ignore AJAX requests? Or should I just take the rewrite rule out? I used it mainly to restrict direct access to wp-login.php.

  4. landwire
    Member
    Posted 2 years ago #

    Another question:
    Is it possible to log out of WordPress without refreshing the whole page or redirecting to a new one? Basically having your: Disable refresh upon login? option also for the log-out process?

    Sorry that should have been a separate forum post...
    S

  5. landwire
    Member
    Posted 2 years ago #

    Just as an update: maybe the above was not the problem, but that wordpress was installed in a sub-directory. See other post I have left.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic