[Resolved] [Plugin: WordPress HTTPS (SSL)] Preventing users from loging in to WordPress.
I upgraded to version 3.0.1 and immediately, none of my users could log in to WordPress. I have removed it from my plugins folder (everyone could log in right away) and will probably not re-install it.
I am having the same problem–it won’t recognize my username and password, and I can’t log in to my Dashboard. I’ll remove it from my plugins, and see if that solves it (can I roll back to the former version, though?)
I imagine the previous version would work just fine. I didn’t find that it did everything it was supposed to do. I had a lot of pages showing mixed content still. I’ll wait for a more polished release or another solution.
Did you ever ask for support? I know I was gone while working on the rewrite. You know, support works both ways. When the plugin isn’t working, how about help me help you? Uninstalling the plugin doesn’t help anybody. I’ve spent hours, days, weekends testing this plugin. I do my best to assure that it works. It’s not a simple problem, so people shouldn’t treat it like it is. Saying that the plugin “didn’t do everything it was supposed to do” is an extremely simplistic view of the problem that the plugin is solving. There are many many reasons the plugin may appear to not be working. I can justify every “error” the plugin produces, or I can fix it if you help me by providing feedback or allowing me to test a bug fix in your environment.
I can’t fix problems I can’t reproduce. The faster people help me figure out what about their configuration is causing an issue, the faster I can roll out fixes.
You can find all previous version of the plugin here.
I’m having the same problem with 3.0.1. Can’t log in as an admin after logging out. The problem persisted even after removing the plugin directory.
The plugin can not affect your site after being removed. I can’t stress this enough. Redirects that continue to occur are generally due to browser caching.
Replacing the plugin directory files with those of 2.0.4 didn’t alleviate the problem. Here are more details.
The only active WordPress HTTPS settings were the hostname and to force admin HTTPS.
The main website shows that I am logged in regardless of whether using http or https. When I try to access the admin pages, I get redirected to
https://[SITE]/wp-login.php?redirect_to=https%3A%2F%2F[SITE]%2Fwp-admin%2F&reauth=1, which shows the login screen with no messages. Logging in through this page only leads to the same page with the login screen.
Clicking the log out link on the main website leads to
https://[SITE]/wp-login.php?loggedout=trueshowing the login form with the message “You are now logged out.” Logging in via this screen only leads to the same messageless login screen as above.
Despite the logout that claimed to be successful the main website shows that I am logged in.
The only difference that it makes at the moment whether the plugin is installed or not is that without the plugin, trying to access admin pages via http leads to the login reauth=1 page on http. When the plugin is on, the login reauth=1 page is shown on https.
It seems that whatever’s causing this is saved in either database, file system outside the plugin directory or client-side, eg. in a cookie. I’ll proceed to restore things from backup and report later.
Well, affecting after removing is a relative term. If it caused something, which isn’t fixed by removal, the cause still remains. Semantics aside, your tip about browser cache was a bullseye. After removing the plugin, I was able to log in via a different browser.
After installing 2.0.4 I was required to log in again through that browser, but that worked. I also verified that manually logging out after that didn’t spoil anything, and can now administer the blog through that browser.
Did you try resetting the plugin? You can do that from the plugin’s setting’s screen, or by adding
define('WPHTTPS_RESET', true);to your wp-config.php. Additionally, you could use the built-in uninstall process and the plugin will remove all of its settings.
Also, make sure you empty your cache and wipe your cookies to just to make sure nothing goofy is going on with either.
After removing the site cookies in the main browser I was able to log in to the site that now had 2.0.4 installed.
After resetting the settings in the plugin’s settings screen, setting Force SSL Administration on and updating from 2.0.4 to 3.0.1, the problem reappeared. Browsing admin pages over https: no problem. Going to main page over http: seemingly no problem, but the top bar links to admin pages were http ones. Clicking one of them led to the same problem with the login reauth=1 screen as before.
Clearing the cookies solved the problem – partly. I was able to log in and access the admin pages, but it’s all over http. Viewing
http://[SITE]/wp-admin/admin.php?page=wordpress-httpsthe setting Force SSL Administration is checked, which seems paradoxical. Resetting settings cleared the checkbox, and everything works just like when it was checked – no https. Checking the box and clicking Save leads to the login reauth=1 screen issue again.
This time clearing the cookies and logging back to the site yielded nearly the desired outcome: Link to login page was automatically https. Logging in worked, and admin screen was accessed via https. The link to main site is http, and works well, and the links there that point to admin pages are https, and work well.
Manually visiting an http admin URL, however, resulted in the login reauth=1 issue again. On that page, and the login page after clearing cookies, the link to the main page is https while it should be http.
After clearing the cookies again I have now reverted back to 2.0.4.
It crossed my mind that this problem may be a plugin conflict with 404 Redirected or Smart 404 after noticing that with 2.0.4 with default settings (no force SSL admin) and visiting a https admin URL, I was forced to log in again. This may be the default behavior that I just don’t remember, but it’s a bit odd. The logging in worked, and I was able to access the admin pages over https after that. Accessing the main site over http worked as well. Accessing the main site over https redirected to http. However, accessing the main sit over http required to log in again. Without the Force SSL Administration, using admin pages over SSL is a bugger.
2.0.4 with force SSL administration works exactly as desired.
Okay, well if you have a bug to report let me know. I can’t exactly reproduce whatever happened, so I can’t fix it.
I have the same problem. Rolling back to 2.0.4…
That’s pretty much all I can say, because I have no idea how I could be helpful.
It appears 2.0.4 doesn’t work anymore either. Every time I install it, it messes up every page layout.
Sorry that it has come to this, but I’m now forced to get another plugin to do the job. Hopefully you’ll get it fixed, tho.
I would expect 2.0.4 to work if you reset its settings (see Mvied’s instructions above) and clear your browser’s cache (at least all the cookies related to the site).
If it doesn’t work, it would be helpful to know the steps that led to the problem in more detail. For example which way did you roll back to 2.0.4: deleting the plugin through the file system or through the WordPress admin panel (not sure if your error was unability to log into the admin panel or that your users couldn’t log in), and which way did you install 2.0.4? Which settings do you have?
- The topic ‘[Resolved] [Plugin: WordPress HTTPS (SSL)] Preventing users from loging in to WordPress.’ is closed to new replies.