WordPress.org

Support

Support » Multisite » Multisite, SSL (wildcard) and forced login

Multisite, SSL (wildcard) and forced login

  • Hi,

    I am trying to get my multisite to have forced SSL login (and ideally admin .. but I would be happy with login to get started). I have a wildcard SSL certificate and it works when I try to login when I type in https… but it does not force the user to use https

    I have added the following to my wp-config.php file

    define(‘FORCE_SSL_LOGIN’, true);

    (from http://codex.wordpress.org/Administration_Over_SSL)

    Regards,
    Bron

Viewing 9 replies - 1 through 9 (of 9 total)
  • Do I need a plugin … if so which one. I have tried a couple (Admin SSL does not work for me)

    I am having this same issue, and no one has answered any of my responses either. I tried using WordPress SSL, but it didn’t work with the way I needed it to.

    When you use FORCE_SSL_LOGIN, it does not encrypt the login page. However, it does make the login page use SSL on submit, protecting your credentials.

    To see this, do a “View Source” on the login page and look for the <form> tag. The “action” attribute will says “https://….” This is all you need.

    What dbvista says is true. The problem is, my users don’t see the https or the lock symbol in the browser and they think the information is being sent in plain text.

    So how do you get the https and/or lock symbol to appear?

    Larry

    You can use FORCE_SSL_ADMIN instead of FORCE_SSL_LOGIN and it should return an HTTPS page. However, everything in wp-admin will be run through HTTPS instead of HTTP.

    Using FORCE_SSL_ADMIN is fine with me. I don’t unedrstand why FORCE_SSL_LOGIN doesn’t uses the HTTPS page.

    Hello!

    Is there a published solution to this problem anywhere?

    Here’s our setup and what we’re trying to achieve:

    * We’ve got a single installation of WordPress.
    * We run multiple subdomain sites with the single installation
    * We want a single user-registration process (registration for one implies registration for all)
    * Ideally, a single-sign-on – log in to one implies log in for all. We understand this might be a problem due to the cookie being set for the domain of the original sign-in, but if someone has solved this please let me know.
    * We would like the login, registration and all admin pages to be done over SSL.

    Has anyone out there achieved such a set up?

    Many thanks,

    Sean Scullion

    ps – does not need to be wildcard SSL, but that option is available to us if that’s the only solution.

    any ideas?

    Thanks!

    This (http://wordpress.org/extend/plugins/multisite-user-management/) should help with users having access across the board. If I remember correctly, in MultiSite, all users technically sign up in one place anyway. That plugin should help have all users be members of all sites.

    As far as SSL admin pages and login, you need to set the following in wp-config.php:

    define( 'FORCE_SSL_ADMIN', true );

    All of your admin logins and pages will be over HTTPS. Keep in mind, however, that some plugins do not recognize HTTPS and will not function correctly.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Multisite, SSL (wildcard) and forced login’ is closed to new replies.
Skip to toolbar