FORCE_SSL_ADMIN problem with WP 3 multi-site

  • dramaley

    (@dramaley)


    15 years, 10 months ago

    Hello. I’ve installed WordPress 3.0 with multi-site support. It is running on Red Hat Enterprise Linux 5.5 with Apache 2.2.3 and PHP 5.2.10.

    I’m trying to force administration to happen over SSL. I’ve set up the certificates so that SSL works correctly. According to http://codex.wordpress.org/Administration_Over_SSL, all i should have to do is put “define(‘FORCE_SSL_ADMIN’, true);” into wp-config.php. But when i do that, login gets stuck in a redirect loop.

    For example, connecting to the server on port 80 and asking for the login page gets a redirect to the SSL version, as one would expect:

    $ telnet oit-test.drake.edu 80
    GET /wp-login.php HTTP/1.1
    Host: oit-test.drake.edu
    Connection: Close

    HTTP/1.1 302 Found
    Date: Mon, 19 Jul 2010 21:31:23 GMT
    Server: Apache/2.2.3 (Red Hat)
    X-Powered-By: PHP/5.2.10
    Location: https://oit-test.drake.edu/wp-login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html; charset=UTF-8

    But then connecting to the SSL version gets the exact same response!

    $ openssl s_client -connect oit-test.drake.edu:443
    GET /wp-login.php HTTP/1.1
    Host: oit-test.drake.edu
    Connection: Close

    HTTP/1.1 302 Found
    Date: Mon, 19 Jul 2010 21:32:56 GMT
    Server: Apache/2.2.3 (Red Hat)
    X-Powered-By: PHP/5.2.10
    Location: https://oit-test.drake.edu/wp-login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html; charset=UTF-8

    It seems that WordPress isn’t aware that the connection came in via SSL. I tried setting “SSLOptions +StdEnvVars” in Apache’s configuration to see if WordPress needed more variables set, but that did nothing. Is there anything else i can do to make it work correctly? Has anyone else seen this?

Viewing 3 replies - 1 through 3 (of 3 total)
  • ChrisMc

    (@chrismc)

    15 years, 8 months ago

    Hello. I have the same problem:

    ‘According to http://codex.wordpress.org/Administration_Over_SSL, all i should have to do is put “define(‘FORCE_SSL_ADMIN’, true);” into wp-config.php. But when i do that, login gets stuck in a redirect loop.’

    I don’t have multisite installed. FORCE_SSL_LOGIN appears to work, but I really much prefer forcing all admin sessions to be over https

    Additionally: the images all use full url paths on page, when they should hold relative paths otherwise you get warnings from the browser about the content being only partially encrypted. I’m really not sure how to alter image paths in WP even though there’s an article about it
    http://ryan.boren.me/2008/07/14/ssl-and-cookies-in-wordpress-26/
    and this on codex
    http://codex.wordpress.org/Function_Reference/wp_make_link_relative
    I don’t know where to stick that piece of code or alter AJAX for Themes…

    ssteiner

    (@ssteiner)

    15 years, 7 months ago

    I am not having a bad redirect loop, but am being warned about partially encrypted page on my regular https’d login page.

    I have both:

    define(‘FORCE_SSL_ADMIN’, true);
    define(‘FORCE_SSL_LOGIN’, true);

    in my wp-config.php, but something’s being pulled in that’s not encrypted and I’m not sure what, or where to start looking.

    Thanks,

    S

    RobShand

    (@robshand)

    15 years, 6 months ago

    Was there any updates to this, I’m running WP 3.0.1 with Multi sites.

    As soon as I add
    define(‘FORCE_SSL_ADMIN’, true);

    to the wp-config.php, any attempt to access a */wp-admin page sends the request in an infinite 302 loop of death.

    TIA!

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘FORCE_SSL_ADMIN problem with WP 3 multi-site’ is closed to new replies.