WordPress.org

Ready to get started?Download WordPress

Forums

SSL Admin (10 posts)

  1. bingaman
    Member
    Posted 5 years ago #

    In WP 2.7 when I add define('FORCE_SSL_LOGIN', true); to my wp-config it works fine. When I replace this with define('FORCE_SSL_ADMIN', true); (what I actually want it to be) it causes a redirect loop between http and https. Any ideas?

  2. Instead of replacing that line try adding both.

    define('FORCE_SSL_ADMIN', true);
    define('FORCE_SSL_LOGIN', true);

    If you have not already, visit http://api.wordpress.org/secret-key/1.1/ and copy that output into your wp-config.php (backup that file first).

    Also if you have anything in your .htaccess file related to SSL, make a copy of that file and remove the SSL portions.

  3. czep
    Member
    Posted 5 years ago #

    I have the same problem with WP 2.7: FORCE_SSL_LOGIN works but FORCE_SSL_ADMIN results in an infinite redirect loop. I, too, would prefer to use FORCE_SSL_ADMIN as it encrypts the entire admin session, not merely the exchange of cookies. According to Ryan's post on SSL and Cookies, you should be able to use either one of these statements alone, not together.

  4. Edit: Merry Christmas!

    you should be able to use either one of these statements alone, not together.

    Just out of morbid curiosity, does it work when you use both? I use both and it works fine for one of my 2.7 blogs.

    Admin pages and login are SSL protected, the blog is http (not SSL).

  5. czep
    Member
    Posted 5 years ago #

    When I use both, I get the same problem as if I use only FORCE_SSL_ADMIN alone.

  6. The only reason a redirect loop that would happen is if the SSL version of those pages was not able or permitted to read the cookies and you kept being sent to a page that was still not setting them correctly.

    Is there anything in your .htaccess relates to https? No admin-ssl plugins? When all your plugins are disabled, do you still get that loop?

    Outside of those items I'm stumped.

  7. czep
    Member
    Posted 5 years ago #

    My web server is nginx which does not rely on htaccess files, and I have no other plugins active as of this time. Based on searching the wordpress 2.7 installation files, I can see that FORCE_SSL_ADMIN is used in 5 files:

    wp-login.php
    wp-settings.php
    wp-includes\functions.php
    wp-includes\link-template.php
    wp-includes\pluggable.php

    I am going to look at each of these files to see if I can figure out why this particular directive is not working in 2.7. I will write back if and when I can find an answer.

  8. Also checkout your access logs and error logs.

    If you are being redirected to a login page repeatedly, there should be something in those log files then you should see 302 for /wp-admin/ to /wp-login.php.

    Good luck and Merry Christmas.

  9. czep
    Member
    Posted 5 years ago #

    Problem solved. nginx does not automatically set the _SERVER['HTTPS'] variable, which is how wp-login.php detects whether SSL is being used. Add this line to the nginx server configuration file (for your SSL connection only) to ensure that the HTTPS variable is set:

    fastcgi_param HTTPS on;

  10. abridewell
    Member
    Posted 5 years ago #

    Im using WordPress 2.8.2. and I installed the Wp-ecommerce plugin. My next step when setting up the Admin SSL I keep running into problems. I have to have this for google Checkout. Since there asking for a https link.

    What Keeps happening is when I activate the Admin SSL 1.4, my page redirects and gives me an error. Then I cannot get back into my admin of wordpress unless I delete the admin ssl plugin from ftp. Can somebody please help me out.

    Thanks
    dbride20@yahoo.com, or reply to this post. Thanks Thanks Thanks.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags