Admin-SSL plugin gives problems

Oh boy, this is going to be a long one.

First remove the SSL re-write rules. Not needed if you use the Admin SSL plugin and I _think_ they wont work.

For the new Virtual host *:443 make a dummy directory underneath the document root and put any HTML page there. I use phpinfo.php for that.

Load that page in your browser and validate that the page works in https. Make sure you duplicate your wordpress section in the new SSL portion and try https://your-wordpress-blog-url-here/

If that loads your wordpress blog (ignore any insecure portions warning you might get) then SSL is good for your blog.

Now activate the Admin SSL plugin and that ought to work.

If you are concerned about the portions of your pages that are loaded as http: and not https: then

Look at the source of your admin pages after you login using the Admin SSL plugin in and do a search for

src=http:

Try disabling all the plugins except Admin SSL and clear your cache on the browser.

On my blog, the non https portions are loaded from two plugins for loading javascript components. The plugins are Simple Tags and Viper’s Video Quicktags plugin.

I’m not worried and when I disable those two plugins then even Internet Explorer is satisfied that the page is 100% SSL.

I hope that helps,

Jan Dembowski

Weird. I’ve had very few problems with that plugin. Are there any messages is Apache’s error_log? And do you see the wp-admin/login.php in the access_log?

The only thing that sounds different for my setup is that I’m using <VirtualHost _default_:443> in my apache conf file.

Can you enable the plugin and try this:

telnet your webserver on port 80 and tee the output to a file (telnet your-server 80 | tee log.txt) and type

GET /blog/wp-login.php HTTP/1.0

This is if your blog is off of /blog. Hit enter twice and you should get some text.

If you look at the log.txt file you should see

HTTP/1.1 301 Moved Permamently

at the top. If that happens then the first part of the plugin is working.

Now please disable the plugin by moving the admin-ssl.php file out of wp-content/plugins.

On my system I can run https://blogurl/wp-admin/ without the plugin.

Does that work and generate log file entries?

Well I don’t know why the Admin-SSL plugin is not working but the non-protected content should be okay depending on what it is.

Looking at your page source after you login to the admin page should tell you what portions are not SSL. Search for src=”http: to see it.

I’ve never captured traffic from the blog using SSL but if you run the command “tcpdump -w file.pcap” while admining your blog and then load that file into Ethereal then you should be able to see whats being transmitted in the clear.

Good luck,

Jan Dembowski