Support » Plugin: WordPress HTTPS (SSL) » [Plugin: WordPress HTTPS (SSL)] 3.03 does not secure Admin front page even w/ option checked

  • Resolved sjpanther01

    (@sjpanther01)


    I have both “Force SSL Administration” and “Force SSL Exclusively” check in WordPress HTTPS. However, when I go to my Admin page without specify HTTPS in the URL it serves the page with HTTP–I would expect it to redirect to HTTPS since “Force SSL Admin” is set. This worked in earlier versions. I’ve tried in both FF and Chrome with same results.

    http://wordpress.org/extend/plugins/wordpress-https/

Viewing 15 replies - 1 through 15 (of 19 total)
  • I’m having exactly the same problem: “Force SSL Administration” isn’t working on the login page.

    Also, after I log out, the “Back to …” link takes me to an HTTPS version of the home page, even though I checked “Force SSL Exclusively.” I have not checked “Secure Front Page.”

    I’m currently using WordPress 3.3.2 and plugin 3.0.3. This functionality worked for me under WordPress 3.3.1 and plugin 2.0.4.

    Plugin Author Mike Ems

    (@mvied)

    Could either of you send me a login for your site so I can take a look?

    Is there a private email where I can send it?

    Plugin Author Mike Ems

    (@mvied)

    Yes, mike[at]mvied[dot]com.

    Plugin Author Mike Ems

    (@mvied)

    I’ve investigated this issue on sjpanther01’s site and I can see no reason why it’s not working. This feature works fine on every other server I’ve tested it on. I got to debug the code on his server, and I could not figure it out.

    One line, here, registers the redirect check method.
    add_action('template_redirect', array(&$this, 'redirect_check'));

    In the redirect_check method, if I put a statement that would kill the page, it never runs. I don’t know why, but it must be from another plugin or theme.

    Thanks,
    Mike

    I would be curious if the other person who reported having this problem might provide some info or at least his hosting information.

    Also, given that this happens at the Admin login screen, is it really likely a plugin or theme conflict?

    Plugin Author Mike Ems

    (@mvied)

    Hey sjpanther01,

    All I know is I’m telling WordPress to run a hook and it’s not. The only thing I can think of is maybe this hook isn’t called on the login page, but that doesn’t make sense because it works on every other site I’ve tested it on.

    Thanks,
    Mike

    Mike, I’d like to add that plugin 2.0.4 works perfectly with the WordPress 3.3.2 update in my shared SSL certificate configuration. Plugin 3.0.3 does not break the display of graphics on my site the way that 3.0.2 did, so that is progress! I’m reverting back to 2.0.4 on my production sites for the time being. I’ll see if I can set up a site for you to test later this week. -Fred

    I deactivated all plugins and I still can’t bring up Admin login page without explicitly typing “https://” with version 3.03.

    Plugin Author Mike Ems

    (@mvied)

    Hey sjpanther01,

    I can’t fix it. It doesn’t make sense. This problem does not happen for anyone else.

    I think Fred is having a separate issue. He has a very different setup.

    Thanks,
    Mike

    Mike,

    Here’s some additional info on the testing I did. I deactivated all plugins except yours, and I switched to the Twenty Eleven theme. The behavior was the same as when all my other plugins are active and I use the Genesis theme framework from StudioPress. It looks like we can rule out a plugin or theme conflict.

    Also, I should say that “Force SSL Administration” works partially. It doesn’t always invoke HTTPS in the URL on the login page, but it does always invoke HTTPS on the login form within the login page. Logins are actually secure, even if they don’t look that way!

    Fred

    Plugin Author Mike Ems

    (@mvied)

    Hey Fred,

    I can try the same things I tried on sjpanther01’s site, but no promises that I can get it to work. I don’t know how you troubleshoot something like a hook (the essence of all plugins) when it just doesn’t work for a couple of people.

    Thanks,
    Mike

    Mvied,

    It appears others on this forum are seeing this problem. I am still seeing this issue and have checked with my host. Could it be that how you are calling your hook is incompatible with current WordPress 3.3.2? Turning on WordPress DEBUG I get the following:

    Notice: wp_enqueue_script was called incorrectly. Scripts and styles should not be registered or enqueued until the wp_enqueue_scripts, admin_enqueue_scripts, or init hooks. Please see Debugging in WordPress for more information. (This message was added in version 3.3.) in /home/norman/public_html/wp-includes/functions.php on line 3587

    Notice: Undefined variable: url_parts in /home/norman/public_html/wp-content/plugins/wordpress-https/lib/WordPressHTTPS/Module/Filters.php on line 82

    Plugin Author Mike Ems

    (@mvied)

    Well, the first Notice isn’t from my plugin, but the second is actually a bug. Go ahead and re-download the plugin from the Dashboard and see if anything changes. At the very least you should stop receiving the Notice.

    Where should I download get the updated version? It’s not visible in my dashboard. Or, are you implying for me to wait until WordPress.org notifies me of a new version?

Viewing 15 replies - 1 through 15 (of 19 total)
  • The topic ‘[Plugin: WordPress HTTPS (SSL)] 3.03 does not secure Admin front page even w/ option checked’ is closed to new replies.