Support » Plugin: iThemes Security (formerly Better WP Security) » Redirect Permalinks to use HTTP when Forcing SSL Admin

  • Hi,

    Upon forcing SSL Login and Admin with WP-Better Security, I have an issue where permalinks on my WP Network’s blogs are using HTTPS when they should be using HTTP instead.

    I map domains for my mutlisite’s subdomain sites, and not all of those mapped domains for those subsites have an SSL certificate, so permalinks for pages and blog posts should not be linked to on the back-end (WordPress admin pages) using SSL/HTTPS.

    Is there any way to turn off SSL/HTTPS for page and post permalinks? Or force permalinks to use HTTP regardless of the WP-Better Security SSL Admin option being implemented?


Viewing 3 replies - 1 through 3 (of 3 total)
  • I guess perhaps a better way of going about this is to ask:

    How can I force SSL login without forcing the WP admin backend to be served over SSL?

    I see the checkboxes under the “SSL” tab and have only checked the one that relates to login.

    However, even when just forcing SSL login, the admin backend pages still end up getting served over SSL once the users is in the back-end. Which in turn makes everything (including their permalinks) use HTTPS.

    Once they login (over SSL/HTTPS), I would like all URLs to switch to HTTP.

    Finally got a little closer.

    However forcing SSL login still isn’t working.

    I have define(‘FORCE_SSL_LOGIN’, true); [added by WP Better Security] in my wpconfig.php file, yet when looking at the login page’s source code the “action” parameter for the login form on the page still isn’t being served over SSL.

    <form name="loginform" id="loginform" <strong>action</strong>="" method="post">

    Any thoughts on how I can get SSL login to work? I’m using a wildcard SSL.

    It also appears, that WP-Better Security seems to add extra spaces into the lines its adding to my wpconfig.php file. Although removing those spaces doesn’t seem to help getting SSL Login to work.

    define( 'DISALLOW_FILE_EDIT', true );
    define( 'FORCE_SSL_LOGIN', true);

    Shouldn’t it be:

    define('DISALLOW_FILE_EDIT', true);
    define('FORCE_SSL_LOGIN', true);


Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Redirect Permalinks to use HTTP when Forcing SSL Admin’ is closed to new replies.