SSL Admin

  • In WP 2.7 when I add define(‘FORCE_SSL_LOGIN’, true); to my wp-config it works fine. When I replace this with define(‘FORCE_SSL_ADMIN’, true); (what I actually want it to be) it causes a redirect loop between http and https. Any ideas?

Viewing 9 replies - 1 through 9 (of 9 total)
  • Moderator Jan Dembowski


    Volunteer Mod. & Brute Squad

    Instead of replacing that line try adding both.

    define('FORCE_SSL_ADMIN', true);
    define('FORCE_SSL_LOGIN', true);

    If you have not already, visit http://api.wordpress.org/secret-key/1.1/ and copy that output into your wp-config.php (backup that file first).

    Also if you have anything in your .htaccess file related to SSL, make a copy of that file and remove the SSL portions.

    I have the same problem with WP 2.7: FORCE_SSL_LOGIN works but FORCE_SSL_ADMIN results in an infinite redirect loop. I, too, would prefer to use FORCE_SSL_ADMIN as it encrypts the entire admin session, not merely the exchange of cookies. According to Ryan’s post on SSL and Cookies, you should be able to use either one of these statements alone, not together.

    Moderator Jan Dembowski


    Volunteer Mod. & Brute Squad

    Edit: Merry Christmas!

    you should be able to use either one of these statements alone, not together.

    Just out of morbid curiosity, does it work when you use both? I use both and it works fine for one of my 2.7 blogs.

    Admin pages and login are SSL protected, the blog is http (not SSL).

    When I use both, I get the same problem as if I use only FORCE_SSL_ADMIN alone.

    Moderator Jan Dembowski


    Volunteer Mod. & Brute Squad

    The only reason a redirect loop that would happen is if the SSL version of those pages was not able or permitted to read the cookies and you kept being sent to a page that was still not setting them correctly.

    Is there anything in your .htaccess relates to https? No admin-ssl plugins? When all your plugins are disabled, do you still get that loop?

    Outside of those items I’m stumped.

    My web server is nginx which does not rely on htaccess files, and I have no other plugins active as of this time. Based on searching the wordpress 2.7 installation files, I can see that FORCE_SSL_ADMIN is used in 5 files:


    I am going to look at each of these files to see if I can figure out why this particular directive is not working in 2.7. I will write back if and when I can find an answer.

    Moderator Jan Dembowski


    Volunteer Mod. & Brute Squad

    Also checkout your access logs and error logs.

    If you are being redirected to a login page repeatedly, there should be something in those log files then you should see 302 for /wp-admin/ to /wp-login.php.

    Good luck and Merry Christmas.

    Problem solved. nginx does not automatically set the _SERVER[‘HTTPS’] variable, which is how wp-login.php detects whether SSL is being used. Add this line to the nginx server configuration file (for your SSL connection only) to ensure that the HTTPS variable is set:

    fastcgi_param HTTPS on;

    Im using WordPress 2.8.2. and I installed the Wp-ecommerce plugin. My next step when setting up the Admin SSL I keep running into problems. I have to have this for google Checkout. Since there asking for a https link.

    What Keeps happening is when I activate the Admin SSL 1.4, my page redirects and gives me an error. Then I cannot get back into my admin of wordpress unless I delete the admin ssl plugin from ftp. Can somebody please help me out.

    dbride20@yahoo.com, or reply to this post. Thanks Thanks Thanks.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘SSL Admin’ is closed to new replies.