Forcing SSL login and admin failing (10 posts)

  1. hedera
    Posted 9 months ago #

    I'm trying to improve site security, and decided to implement forced SSL login and admin. I put the statements in wp-config.php just before the final comment. It's not working:

    I can log in but I never see the https:// in the address bar.

    When I am logged in I can't get to the dashboard. To see the dashboard I have to roll the old wp-config.php back in.

    Here is the tail of our wp-config.php:

     * WordPress Localized Language, defaults to English.
     * Change this to localize WordPress.  A corresponding MO file for the chosen
     * language must be installed to wp-content/languages. For example, install
     * de.mo to wp-content/languages and set WPLANG to 'de' to enable German
     * language support.
    define ('WPLANG', '');
    /* That's all, stop editing! Happy blogging. */
    /** Absolute path to the WordPress directory. */
    if ( !defined('ABSPATH') )
    	define('ABSPATH', dirname(__FILE__) . '/');
    /** Sets up WordPress vars and included files. */
    require_once(ABSPATH . 'wp-settings.php');

    I put the statements just before the "Happy blogging" comment, but never got a secure login. I just refreshed the site SSL certificate, and so far as I know it's working, but I get the results I described. Any suggestions??

  2. Just to be sure, is this the only thing you added?

    define('FORCE_SSL_ADMIN', true);

    So that you perhaps have something like this?

    define ('WPLANG', '');
    define('FORCE_SSL_ADMIN', true);
    /* That's all, stop editing! Happy blogging. */

    Did you make any other changes?


  3. hedera
    Posted 9 months ago #

    The WPLANG definition was there before.

    I added the following 2 lines, just before the "Happy blogging" comment, because that was what GoDaddy suggested. (Shoulda known better!)

    define('FORCE_SSL_ADMIN', true);
    define('FORCE_SSL_LOGIN', true);

    I found a note today that only the FORCE_SSL_ADMIN statement was needed, so I tried again with that statement only and got the same error.

    I now think we may have a plugin conflict, we have the W3TC Browser Cache plugin installed and it has filled the .htaccess file with lines of junk I haven't had time to analyze. Ever hear of anything like that?

    Thanks for your interest, by the way, help is much appreciated.

  4. That is quite possible. Try adding just line:

    define('FORCE_SSL_ADMIN', true);

    Then, clear W3TC's cache and deactivate all plugins (including W3TC) to see if that makes a difference. If not, leave the plugins deactivated, and try temporarily renaming .htaccess to just htaccess (remove the dot).

  5. hedera
    Posted 9 months ago #

    I'll see when I can fit this in, but deactivating ALL the plugins (we have 29 active) has a major impact on our production site and I have at this point no identical backup site to try this on. I'm trying to build one and will test this there when I get it up. I may try deactivating just W3TC and see if that works; I'm not totally convinced we need it anyhow.

  6. Yeah, if you're constrained by time, I'd definitely try just W3TC first, but don't rule out the possibility that the conflict could be with any one of the 28 other plugins.

    Basically, the single line of code in wp-config definitely works with WordPress as-is, and it works with my other sites and their various plugins too.

  7. hedera
    Posted 9 months ago #

    Actually, the problem wasn't W3TC. It was another plugin, Restrict Content Pro, which takes over the login process and redirects it in its own format.

    I'm now working on a different effort, to secure the entire site with HTTPS; and I find that just changing the siteurl and home fields to use HTTPS instead of HTTP does MOST of it. I'm still trying to work out the stuff not covered by "MOST of it."

  8. Have you tried adding this line to your wp-config.php file yet?

    define('FORCE_SSL_ADMIN', true);


  9. hedera
    Posted 8 months ago #

    I did try that, actually; but as I said, we have a working plugin (Restrict Content Pro) which kept us from opening any of the admin pages under HTTPS, even though we could log in that way. Oddly enough, the plugin doesn't interfere when I have the entire site set to load HTTPS, and that's probably the way we'll go.

  10. Yeah, that does sound like a good solution.

    Have you contacted https://pippinsplugins.com/plugin-support/ about this? Pippin can probably help you with this.


You must log in to post.

About this Topic