WordPress.org

Ready to get started?Download WordPress

Forums

WordPress HTTPS (SSL)
Minor Bug in Plugin Version 3.0.1 (14 posts)

  1. fwchapman
    Member
    Posted 2 years ago #

    Dear Mike,

    I'm having a minor problem with Version 3.0.1 of the plugin on websites with shared hosting and a shared SSL certificate. After I log out, the "Back to ..." link goes to the home page using HTTPS instead of HTTP. This is the default behavior for WordPress on all my sites with shared SSL. This causes real problems because the shared SSL certificate is for the hosting company's server, not for the website's domain name.

    Version 2.0.4 of the plugin uses HTTP for the "Back to ..." link, which is exactly what I want. In fact, the only reason I use the plugin on sites with a shared SLL certificate is so that the "Back to ..." link will work. Of course, the plugin is even more useful on sites with a dedicated SSL certificate, and I love it for that!

    Here's what I use in Settings > General on websites with shared hosting and a shared SSL certificate:

    WordPress Address (URL)

    https://SERVER_NAME.HOSTING_COMPANY.com/~USERNAME

    Site Address (URL)

    http://www.SITE_DOMAIN.com

    This is what I have to do to make the login secure on sites with shared SSL. Securing the login is much easier on sites with a dedicated SSL certificate.

    Thanks for your help,

    Fred Chapman

    http://wordpress.org/extend/plugins/wordpress-https/

  2. fwchapman
    Member
    Posted 2 years ago #

    P.S. I just confirmed that even on a site with a dedicated SSL certificate, the "Back to ..." link on the login page uses HTTPS in Version 3.0.1 and HTTP in Version 2.0.4. Apparently the issue has to do with the plugin upgrade, not shared vs. dedicated SSL certificates.

  3. fwchapman
    Member
    Posted 2 years ago #

    P.P.S. At this point, I'm not sure what's happening on sites with a dedicated SSL certificate, because Version 3.0.1 of the plugin generates this error message:

    Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 450401856 bytes) in Unknown on line 0

  4. Mvied
    Member
    Plugin Author

    Posted 2 years ago #

    Hey fwchapman,

    No, that doesn't happen to everyone using dedicated SSL certificates. It doesn't happen to me, otherwise I'd fix it. ;)

    If you enable Force SSL Exclusively and the front page isn't secure, it should revert to HTTP. If not, I'll look into it.

    Thanks,
    Mike

  5. fwchapman
    Member
    Posted 2 years ago #

    Okay, I just found a better way to configure my settings on sites with a shared SSL certificate:

    Settings > General > WordPress Address (URL)

    http://SERVER_NAME.HOSTING_COMPANY.com/~USERNAME

    Settings > General > Site Address (URL)

    http://www.SITE_DOMAIN.com

    Settings > WordPress HTTPS > SSL Host

    SERVER_NAME.HOSTING_COMPANY.com

    The key changes from what I posted before are using HTTP instead of HTTPS in the WordPress Address and entering the correct SSL Host in the plugin settings. I think that's what you had in mind all along, right, Mike?

    This solves the original problem I reported with HTTP vs. HTTPS on the "Back to ..." link of the login page; however, it causes a new, more serious problem: the Force SSL Administration option no longer forces SSL logins.

  6. fwchapman
    Member
    Posted 2 years ago #

    P.S. When I use the new settings in Version 2.0.4, everything works perfectly.

  7. Mvied
    Member
    Plugin Author

    Posted 2 years ago #

    Hey Fred,

    The Blog URL needs to be the regular, HTTP base path of the site. Site URL should match that. Your SSL Host should be SERVER_NAME.HOSTING_COMPANY.com/~USERNAME. If you want your entire site to be over the Shared SSL, then the Site URL should be changed to https://SERVER_NAME.HOSTING_COMPANY.com/~USERNAME.

    If the plugin isn't functioning correctly with the proper configuration, the answer is not rig it to work, the plugin needs to be fixed. I can't really support your configuration, it doesn't make sense.

    Thanks,
    Mike

  8. fwchapman
    Member
    Posted 2 years ago #

    Hi Mike,

    Thanks for your responses today, and for all your hard work on this plugin. This is the best SSL plugin I've found for WordPress, and I use it on all the sites I build for my clients.

    When I enter this SSL Host in Version 3.0.1 on a site with a shared SSL certificate

    SERVER_NAME.HOSTING_COMPANY.com/~USERNAME

    your plugin removes the /~USERNAME and changes it to

    SERVER_NAME.HOSTING_COMPANY.com

    I'll keep testing Version 3.0.1 and Version 2.0.4 and let you know what I find out.

    Thanks again,

    Fred

  9. fwchapman
    Member
    Posted 2 years ago #

    Great news!

    On one of my sites with a shared SSL certificate, I was able to get everything to work with Version 3.0.1. This site doesn't have a custom domain name yet, so I used

    http://SERVER_NAME.HOSTING_COMPANY.com/~USERNAME

    for both the internal site path and the external site URL. So far, so good! Next, I'll try Version 3.0.1 on a site with a shared SSL certificate and a custom domain name.

  10. fwchapman
    Member
    Posted 2 years ago #

    More test results!

    On another site with a shared SSL certificate and Version 3.0.1, I did everything as before, and everything worked. When I changed both site URLs in General Settings from

    http://SERVER_NAME.HOSTING_COMPANY.com/~USERNAME

    to

    http://www.SITE_DOMAIN.com

    everything broke very badly. I lost all graphics on both the front end and the administrative back end. The entire site was displayed as text.

    If I use the first (longer) form for the WordPress Address and the second (shorter) form for the Site Address, the entire site breaks almost as badly. I see some icons, but the site is still displayed mostly as text.

    When I deactivate the plugin, everything returns to normal. The only way I can get everything to work with a custom domain name is to use Version 2.0.4 with the settings I specified four posts ago.

    There's a reason General Settings let's you specify two different URLs: so that they can be different. The first URL is an internal name for administrative use, while the second URL is an external name for public use. I need SSL only for the administrative back end.

    I have to conclude after exhaustive testing that my settings are correct. Something broke when the plugin went from Version 2.0.4 to the complete rewrite that is Version 3.0.1.

    Can we please agree on that?

    Thanks,

    Fred

  11. fwchapman
    Member
    Posted 2 years ago #

    Quick Clarification

    Mike, I should emphasize that with a shared SSL certificate, I don't care about using SSL on the front end. I want to use SSL only on the administrative back end.

    Shared SSL configurations are more complicated than dedicated SSL configurations because shared SSL certificates are more limited. They're tied to the domain name of the server, not the domain name of the WordPress site, which means you can't use shared SSL with a custom domain name. That's okay. I don't want to do that anyway! I just want to secure the back end.

    To secure the back end, the domain name for the SSL host must be the same as the domain name in the administrative URL for the site. Those are the only things that need to match, and I've already taken care of that.

    The bottom line is that the configuration needed to secure the back end with shared SSL works in Version 2.0.4 but not in Version 3.0.1.

    Can you help me with that, please?

    Thanks,

    Fred

  12. Mvied
    Member
    Plugin Author

    Posted 2 years ago #

    Hey Fred,

    I guess my point is that it shouldn't be necessary to change your Blog URL. I don't want my users to have to rely on setting the URL in two places. I would rather it work as intended. I'm more concerned about the URL's being rewritten incorrectly and breaking stylesheets and other elements when your Blog URL and Site URL are at their defaults. That's not working as intended.

    I'd be more than happy to take a look at it myself and see what's going on. Often times that's the only way to figure it out.

    Thanks,
    Mike

  13. fwchapman
    Member
    Posted 2 years ago #

    Hi Mike,

    Thanks so much for your reply and for your kind and generous offer of help!

    With a dedicated SSL certificate, things are much easier because all the URLs can keep their default settings. Unfortunately, that's just not possible with a shared SSL certificate, especially if you want to use a custom domain name to make the front end URLs look pretty.

    The shared hosting plans I use include a shared SSL certificate, and that enables me to secure the WordPress back end without the additional trouble and expense of purchasing a dedicated SSL certificate. My solution worked well for me up through Version 2.0.4, and I'd love to get it working with Version 3 of your plugin. I'll contact you privately through your website so that we can take our next steps.

    Thanks again, Mike. You are a prince among plugin developers!!!

    Fred

  14. fwchapman
    Member
    Posted 2 years ago #

    For anyone following this discussion, it merged with a discussion of Version 3.0.3 here:

    http://wordpress.org/support/topic/plugin-wordpress-https-ssl-303-does-not-secure-admin-front-page-even-w-option-checked

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic