WordPress.org

Ready to get started?Download WordPress

Forums

Same Blog - different URLs ? (9 posts)

  1. hadmut
    Member
    Posted 7 years ago #

    Hi,

    wordpress suffers from a security problem: All passwords are transmitted unencrypted, including the admin's password. There are some plugins and solutions, but none of the worked properly.

    I'd like to have my blog appear at two different locations, once in my personal web page (virtual http server) and once somewhere in a subtree of the https server (virtual https servers are currently not supported, so there is only one per server).

    Unfortunately I can't run the same wordpress blog from more than one location, since the WordPress/Blog URIs are stored in the SQL database.

    It would be quite easier if it was possible to override these settings in /etc/wordpress/wp-config.php, because then it could be set to different values, depending on how the user accessed the blog.

    Is there any way to override these configuration values from php, and if not, I'd propose it.

    regards
    Hadmut

  2. whooami
    Member
    Posted 7 years ago #

    wordpress suffers from a security problem: All passwords are transmitted unencrypted, including the admin's password.

    umm, thats a pretty standard behaviour, and thats one of the reasons ssl exists.

  3. hadmut
    Member
    Posted 7 years ago #

    Yeah, that's why I want to use ssl (https).

    But WordPress makes it unnecessary complicated to use the blog with https. I need a way to have the same blog under a virtual HTTP server for reading and at a different PATH at the HTTPS server. Since wordpress stores the absolute path in the SQL database, it is impossible to have the same blog at two URIs.

  4. Chris_K
    Member
    Posted 7 years ago #

    Does this help? Administration_Over_SSL

  5. hadmut
    Member
    Posted 7 years ago #

    Not really. I am using something like that, but it requires to have a configurable webserver with this particular plugin.

    I also tried a wordpress plugin, but it didn't work sufficiently.

    It is in general not a solution to use ugly workarounds for a structural flaw in wordpress itself, which could be fixed easily.

  6. whooami
    Member
    Posted 7 years ago #

    ... a structural flaw ... which could be fixed easily.

    Ill be looking for your patch in the latest CVS

  7. Chris_K
    Member
    Posted 7 years ago #

  8. vkaryl
    Member
    Posted 7 years ago #

    Be nice if he actually did come up with a patch or something. I'd myself prefer to store the login, config etc. stuff above /public_html/ - I even messed with it a bit, but it looked like practically every file would have to have some changes, and I didn't have the time to really get into it.

  9. hadmut
    Member
    Posted 7 years ago #

    I currently do not have the time to go through all that source code, and btw. I haven't written in PHP for some years now. I've never liked that language. Preferring ruby.

    However:

    A simple solution would be to just allow to override / configure the URIs in the /etc php files. This way, you can choose the base WordPress/Blog URIs depending on the given Server or PATH the client was requesting. This way you can have the same Blog under

    http://virtualserver/blog

    and

    https://sharedhttpsserver/user/blog

    You just need to check, which server and path were requested in /etc/wordpress/wp-config.php and set the URIs apropriately. (Currently, you always get linked/redirected to http://virtualserver/blog)

    And this can't be much of a problem, because all it takes is to replace the SQL query for the URI variables, or to find any way to override (wasn't there something like a CONSTANT in php?).

    All other program components should just use these string values and therefore should not require any changes.

Topic Closed

This topic has been closed to new replies.

About this Topic