WordPress.org

Forums

Force SSL Admin not functioning (10 posts)

  1. MStenz
    Member
    Posted 2 years ago #

    I have all the SSL configured, and I can access wp-admin with https with no issues, but I'm unable to force SSL for wp-admin. Per documentation, I have

    define('FORCE_SSL_ADMIN', true);

    in the config. Right now I have it at the top since I've seen some solutions that require it that way. Still no luck. Source still shows http.

    Now, one thing I do see, and this might be the issue, but when I go to wp-admin, it shows up as

    http://blog.domainX.com/wp-login.php?redirect_to=http%3A%2F%2Fblog.domainX.com%2Fwp-admin%2F&reauth=1

    So I'm wondering if this redirect is causing the issue? In testing, I've removed all the rewrite rules, so I'm not sure what is happening. WP 3.4.2.

  2. linux4me2
    Member
    Posted 2 years ago #

    According to the codex, the define just needs to be before this:

    /* That's all, stop editing! Happy blogging. */
    ...
    require_once(ABSPATH . 'wp-settings.php');

    I just added the
    define('FORCE_SSL_ADMIN', true);
    to a site of mine that has a private SSL cert, and when I browsed to the site via the non-https URL; e.g., http://mysite.com/wp-login.php it redirected me to the new URL https://mysite.com without the redirect string that yours shows, and that's putting the define for forcing SSL admin right above the line I mention above. If I try to go to the wp-admin folder instead, I get the redirect.

    Then, I tried putting the define at the very top of the file, like you say you have it, and it still worked both to wp-admin (with the redirect) and to wp-login (without the redirect).

    So I don't think it's something in your .htaccess. It looks like your changes to wp-config.php aren't being paid attention to. Have you verified that the file is actually being copied to the server and that the permissions on the file are correct (644)?

    Is your server using any fancy caching software that would account for your modified wp-config.php not being loaded immediately, maybe?

  3. MStenz
    Member
    Posted 2 years ago #

    Thanks for the response - I'm still not understanding why I'm getting the redirect in the string, but I believe I have it working. I had a commenting error in the wp-config.php. Sometimes have to watch what I copy and paste.

  4. linux4me2
    Member
    Posted 2 years ago #

    Ah, yes. That commenting error would do it.

    I believe you get the redirect in the string when you start at the http://yourdomain.com/wp-admin URL; it redirects you to the wp-login.php script. That's normal. The important thing in terms of SSL is that the redirect string contains "https" rather than "http."

  5. MStenz
    Member
    Posted 2 years ago #

    OK - thanks for the help.

    On the same subject, just found another SSL issue, which may be a bug?

    So, if I do a password reset, I get an e-mail that says:

    Someone requested that the password be reset for the following account:

    https://blog.domainX.com

    etc etc etc

    Now, the problem is, is it putting https:// for the site URL, which causes some complications when clicking on the link. After reviewing wp-login.php it seems the line of code is calling 'network_home_url' - so at some point in the logic it is taking the FORCE SSL into account. Not sure there is a way around this other than to hard code that line.

  6. linux4me2
    Member
    Posted 2 years ago #

    What complications does that cause when you click the link?

    If you have a private SSL certificate it should just display the site in SSL mode without any warnings. What's happening?

  7. MStenz
    Member
    Posted 2 years ago #

    For the record, I'm just using a self signed cert in a sandbox, so I'm not sure if these issues would remain with a certificate authority once I try live. Nonetheless...

    In IE, I get a popup that only secure content is being displayed. Chrome doesn't show any warnings, but both browsers display the same symptoms. It just looks like the stylesheets are off, padding is off, super large text, overlapping widgets, some images not being displayed...just a mess.

  8. linux4me2
    Member
    Posted 2 years ago #

    If you have a private cert I think you may still get those security warnings because if your main domain is set in Settings -> General to an "http" a lot of the "src" attributes to images and such will not be "https," so you will have both secure and insecure items on a given page.

    One alternative would be to switch your entire site to run via SSL, which I have done for sites that had ecommerce plugins and does theoretically reduce the speed a bit, but I have found it is not noticeable.

    Are you using
    define('FORCE_SSL_LOGIN', true);
    or
    define('FORCE_SSL_ADMIN', true);

    It may be that with SSL admin only you wouldn't be getting this effect.

  9. MStenz
    Member
    Posted 2 years ago #

    When I used:

    define('FORCE_SSL_LOGIN', true);

    I did not get the login page to force SSL.

    So right now, I'm using:

    define('FORCE_SSL_ADMIN', true);

    That works, with SSL login AND the admin as it should, but I have that https:// added to site root. I'm not sure I'd want to carry the entire site via SSL if I can help it, at least not for an issue like this. It's not going to be hit that much, just want to cover all scenarios.

  10. linux4me2
    Member
    Posted 2 years ago #

    Once you get it set up on live site, you might repost about the https with the password recovery link and see if someone has an idea.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags