WordPress.org

Ready to get started?Download WordPress

Forums

WordPress HTTPS (SSL)
[resolved] Preventing users from loging in to WordPress. (24 posts)

  1. jbeyta
    Member
    Posted 1 year ago #

    I upgraded to version 3.0.1 and immediately, none of my users could log in to WordPress. I have removed it from my plugins folder (everyone could log in right away) and will probably not re-install it.

    http://wordpress.org/extend/plugins/wordpress-https/

  2. sbrittig
    Member
    Posted 1 year ago #

    I am having the same problem--it won't recognize my username and password, and I can't log in to my Dashboard. I'll remove it from my plugins, and see if that solves it (can I roll back to the former version, though?)

  3. jbeyta
    Member
    Posted 1 year ago #

    I imagine the previous version would work just fine. I didn't find that it did everything it was supposed to do. I had a lot of pages showing mixed content still. I'll wait for a more polished release or another solution.

  4. Mvied
    Member
    Plugin Author

    Posted 1 year ago #

    Hey jbeyta,

    Did you ever ask for support? I know I was gone while working on the rewrite. You know, support works both ways. When the plugin isn't working, how about help me help you? Uninstalling the plugin doesn't help anybody. I've spent hours, days, weekends testing this plugin. I do my best to assure that it works. It's not a simple problem, so people shouldn't treat it like it is. Saying that the plugin "didn't do everything it was supposed to do" is an extremely simplistic view of the problem that the plugin is solving. There are many many reasons the plugin may appear to not be working. I can justify every "error" the plugin produces, or I can fix it if you help me by providing feedback or allowing me to test a bug fix in your environment.

    I can't fix problems I can't reproduce. The faster people help me figure out what about their configuration is causing an issue, the faster I can roll out fixes.

    You can find all previous version of the plugin here.

    Thanks,
    Mike

  5. Daedalon
    Member
    Posted 1 year ago #

    I'm having the same problem with 3.0.1. Can't log in as an admin after logging out. The problem persisted even after removing the plugin directory.

  6. Mvied
    Member
    Plugin Author

    Posted 1 year ago #

    The plugin can not affect your site after being removed. I can't stress this enough. Redirects that continue to occur are generally due to browser caching.

  7. Daedalon
    Member
    Posted 1 year ago #

    Replacing the plugin directory files with those of 2.0.4 didn't alleviate the problem. Here are more details.

    The only active WordPress HTTPS settings were the hostname and to force admin HTTPS.

    The main website shows that I am logged in regardless of whether using http or https. When I try to access the admin pages, I get redirected to https://[SITE]/wp-login.php?redirect_to=https%3A%2F%2F[SITE]%2Fwp-admin%2F&reauth=1, which shows the login screen with no messages. Logging in through this page only leads to the same page with the login screen.

    Clicking the log out link on the main website leads to https://[SITE]/wp-login.php?loggedout=true showing the login form with the message "You are now logged out." Logging in via this screen only leads to the same messageless login screen as above.

    Despite the logout that claimed to be successful the main website shows that I am logged in.

    The only difference that it makes at the moment whether the plugin is installed or not is that without the plugin, trying to access admin pages via http leads to the login reauth=1 page on http. When the plugin is on, the login reauth=1 page is shown on https.

    It seems that whatever's causing this is saved in either database, file system outside the plugin directory or client-side, eg. in a cookie. I'll proceed to restore things from backup and report later.

  8. Daedalon
    Member
    Posted 1 year ago #

    Well, affecting after removing is a relative term. If it caused something, which isn't fixed by removal, the cause still remains. Semantics aside, your tip about browser cache was a bullseye. After removing the plugin, I was able to log in via a different browser.

    After installing 2.0.4 I was required to log in again through that browser, but that worked. I also verified that manually logging out after that didn't spoil anything, and can now administer the blog through that browser.

  9. Mvied
    Member
    Plugin Author

    Posted 1 year ago #

    Hey Daedalon,

    Did you try resetting the plugin? You can do that from the plugin's setting's screen, or by adding define('WPHTTPS_RESET', true); to your wp-config.php. Additionally, you could use the built-in uninstall process and the plugin will remove all of its settings.

    Also, make sure you empty your cache and wipe your cookies to just to make sure nothing goofy is going on with either.

    Thanks,
    Mike

  10. Daedalon
    Member
    Posted 1 year ago #

    After removing the site cookies in the main browser I was able to log in to the site that now had 2.0.4 installed.

  11. Daedalon
    Member
    Posted 1 year ago #

    After resetting the settings in the plugin's settings screen, setting Force SSL Administration on and updating from 2.0.4 to 3.0.1, the problem reappeared. Browsing admin pages over https: no problem. Going to main page over http: seemingly no problem, but the top bar links to admin pages were http ones. Clicking one of them led to the same problem with the login reauth=1 screen as before.

    Clearing the cookies solved the problem - partly. I was able to log in and access the admin pages, but it's all over http. Viewing http://[SITE]/wp-admin/admin.php?page=wordpress-https the setting Force SSL Administration is checked, which seems paradoxical. Resetting settings cleared the checkbox, and everything works just like when it was checked - no https. Checking the box and clicking Save leads to the login reauth=1 screen issue again.

    This time clearing the cookies and logging back to the site yielded nearly the desired outcome: Link to login page was automatically https. Logging in worked, and admin screen was accessed via https. The link to main site is http, and works well, and the links there that point to admin pages are https, and work well.

    Manually visiting an http admin URL, however, resulted in the login reauth=1 issue again. On that page, and the login page after clearing cookies, the link to the main page is https while it should be http.

    After clearing the cookies again I have now reverted back to 2.0.4.

    It crossed my mind that this problem may be a plugin conflict with 404 Redirected or Smart 404 after noticing that with 2.0.4 with default settings (no force SSL admin) and visiting a https admin URL, I was forced to log in again. This may be the default behavior that I just don't remember, but it's a bit odd. The logging in worked, and I was able to access the admin pages over https after that. Accessing the main site over http worked as well. Accessing the main site over https redirected to http. However, accessing the main sit over http required to log in again. Without the Force SSL Administration, using admin pages over SSL is a bugger.

    2.0.4 with force SSL administration works exactly as desired.

  12. Mvied
    Member
    Plugin Author

    Posted 1 year ago #

    Hey Daedalon,

    Okay, well if you have a bug to report let me know. I can't exactly reproduce whatever happened, so I can't fix it.

    Thanks,
    Mike

  13. RF.com
    Member
    Posted 1 year ago #

    I have the same problem. Rolling back to 2.0.4...
    That's pretty much all I can say, because I have no idea how I could be helpful.

  14. RF.com
    Member
    Posted 1 year ago #

    It appears 2.0.4 doesn't work anymore either. Every time I install it, it messes up every page layout.

    Sorry that it has come to this, but I'm now forced to get another plugin to do the job. Hopefully you'll get it fixed, tho.

  15. Daedalon
    Member
    Posted 1 year ago #

    I would expect 2.0.4 to work if you reset its settings (see Mvied's instructions above) and clear your browser's cache (at least all the cookies related to the site).

    If it doesn't work, it would be helpful to know the steps that led to the problem in more detail. For example which way did you roll back to 2.0.4: deleting the plugin through the file system or through the WordPress admin panel (not sure if your error was unability to log into the admin panel or that your users couldn't log in), and which way did you install 2.0.4? Which settings do you have?

  16. Mvied
    Member
    Plugin Author

    Posted 1 year ago #

    Right, you need to follow the proper steps in resetting the plugin if you're swapping between versions.

    If you find another plugin that does the job, let me know. I'm pretty sure it doesn't exist.

    Thanks,
    Mike

  17. sbrittig
    Member
    Posted 1 year ago #

    I rolled back to 3.0, and can now get into Dashboard. But my site no longer shows the green lock, just the nasty red slash through the HTTPS. I don't know if this is a problem on my end, or a result of deactivating 3.0.1 and rolling back. When I check Force SSL Exclusively in my HTTPS Settings, I get the message SSL Admin - FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.

    Do I need to edit wp-config.php, and if so, what do I add or delete?

    I loved this plugin when using 3.0 previously, and want it to work again. Will upgrade to 3.0.1 when the admin login bug is fixed.

  18. Mvied
    Member
    Plugin Author

    Posted 1 year ago #

    Hey sbrittig,

    A lot of people say their users "can't login" but that doesn't tell me anything. What's happening? Why can't they log in?

    Remove define('FORCE_SSL_ADMIN', true); and/or define('FORCE_SSL_LOGIN', true);

    Thanks,
    Mike

  19. sbrittig
    Member
    Posted 1 year ago #

    I'm not sure why I couldn't log in. What happened: I brought up log in page for WP admin after upgrade of plugin, my username and password were saved and auto-entered. I hit submit to log on, but the page refreshed with my username and password blanked out. I manually typed in both, hit submit, and the same refreshing and blanking out of fields occurred. It simply would not recognize my log in info. After deactivating and reinstalling 3.0, the login worked again. Wish I could be of more help here.

    Thanks for the instructions on code editing--Worked, and my site is showing secure again!

  20. jbeyta
    Member
    Posted 1 year ago #

    Mvied,
    Well, I had to uninstall the plugin so my users could access content. I gave the only description I had about it not working prior to that: it showed mixed content (secured and unsecured), the same issue sbrittig described. It wasn't a big deal at the time; I don't have a ton of user and there is no personal data stored in their accounts. I was a bit hasty in stating I wouldn't re-install it as it did work for the most part. I'll keep up with your updates and try to give you some more information on what exactly wasn't working.
    Thanks.

  21. Mvied
    Member
    Plugin Author

    Posted 1 year ago #

    Hey all,

    I've fixed a number of issues and have released 3.0.3. Please update and let me know if you have any issues. Please start a new topic with any issues.

    Thanks,
    Mike

  22. Daedalon
    Member
    Posted 1 year ago #

    3.0.3 is now in use on my test environments and no problems so far. Rolling it to production use soon after.

    On additional question though: Could WordPress HTTPS be made to support Login With AJAX so that its widget would submit the form via HTTPS when force HTTPS administration is checked?

    Another thing I thought is that would it make sense to have separate options for forcing HTTPS administration and forcing HTTPS login? On a site where there is only a HTTPS certificate that displays an error message on most browsers, but is otherwise perfectly usable, it might be in the administrators' interests to protect the administration of the site without troubling the casual users with scary error messages.

  23. Daedalon
    Member
    Posted 1 year ago #

    After updating a production site and syncing a replica of it to be a test site, the test site doesn't work. I noticed that the value of 'wordpress-https_ssl_host' in the database now has a trailing slash.

    For anyone with a similar test site replication setup knowing of this change saves time. Without updateing the replication script wp-login.php of the test site will redirect to the production site preventing logging in to the test site.

    Apart from this 3.0.3 works in my environment great exactly the same way 3.0.2 does. Thanks!

  24. Custom Pin Design
    Member
    Posted 1 year ago #

    I GOT IT WORKING.

    you must follow these exact instructions:

    BEFORE upgrading:

    Reset your settings in WP-HTTPS
    Go to plugins > deactivate WP-HTTPS
    Delete WP-HTTPS (delete all files and data)
    GO UPGRADE

    Install fresh WP-HTTPS 3.0.3 and activate it.
    Go to the admin > edit page that should be HTTPS encrypted in the admin
    uncheck the "secure child post" (why is it checked by default?")
    check the "secure post"
    go to HTTPS settings > check "Force SSL Exclusively"

    If you upgraded and are already locked out of your admin, you will need to access your site via FTP and delete the plugin. Then install the old version zip file if you have it. Luckily I had the old version installed on another site so I FTP downloaded it and zipped it myself. then i uploaded the zipped old version into the plugin area and installed it that way.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic