Title: wp-admin SSL
Last modified: August 22, 2016

---

# wp-admin SSL

 *  Resolved [dblinks](https://wordpress.org/support/users/dblinks/)
 * (@dblinks)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/wp-admin-ssl-1/)
 * Awesome plugin, thank you! [but experiencing a new glitch]
 * I’ve had a particular set up working for weeks using ssl with jonradio private
   site so everyone goes to https version of all urls including me in the dashboard.
   I have not updated or installed a new plugin but when I force https in the admin
   area now it takes me to my custom login page. When I remove the https from the
   admin area url’s I can work. But, if I specify in my server rules ALL pages on
   site are to be served with https including admin it redirects to custom login
   url specified in your plugin. I have not changed my permalink structure.
 * SSL setup is a proxy with Cloudflare
    Flexible SSL turned on in Cloudflare Cloudflare
   flexible SSL plugin installed SSL Insecure Content Fixer plugin installed
 * wp-admin
 * if (isset($_SERVER[‘HTTP_X_FORWARDED_PROTO’]) && $_SERVER[‘HTTP_X_FORWARDED_PROTO’]
   == ‘https’)
    $_SERVER[‘HTTPS’]=’on’;
 * require_once(ABSPATH . ‘wp-settings.php’);
 * Thanks for any insight you may provide on this.
    stu
 * [https://wordpress.org/plugins/jonradio-private-site/](https://wordpress.org/plugins/jonradio-private-site/)

Viewing 7 replies - 1 through 7 (of 7 total)

 *  [jon](https://wordpress.org/support/users/adiant/)
 * (@adiant)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/wp-admin-ssl-1/#post-5554105)
 * I’m going to have to re-create your setup on one of my test systems, so that 
   could take a while. Especially since I’ve never seen Cloudflare before.
 * First though, I need to verify that the code you display did not get corrupted,
   as you didn’t enclose it in backticks (the code button). Is this what it looks
   like?
 *     ```
       if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
            $_SERVER['HTTPS']='on';
   
       require_once(ABSPATH . 'wp-settings.php');
       ```
   
 * If so, where is this code being placed? You list wp-admin, but that is a folder,
   not a PHP file.
 * Thanks, in advance, for the clarification.
 *  Thread Starter [dblinks](https://wordpress.org/support/users/dblinks/)
 * (@dblinks)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/wp-admin-ssl-1/#post-5554128)
 * Thanks for the prompt reply. oops, that is at the very bottom of wp-config.php
   right before the last statement as indicated in /wp-content/plugins/ssl-insecure-
   content-fixer/is_ssl-test.php
 *     ```
       if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
           $_SERVER['HTTPS']='on';    
   
       /** Sets up WordPress vars and included files. */
       require_once(ABSPATH . 'wp-settings.php');
       ```
   
 * To re-iterate what is weird (and I may have done something subtle that broke 
   this) that it worked with my set up perfectly for a bit over a week and I did
   not have any plugin upgrades or new code insertions on this site that I knowingly
   changed, added or deleted. i.e. everything I run has always been maintained and
   prior conflicts/plugins always tested and resolved.
 * refs:
    [https://wordpress.org/plugins/cloudflare-flexible-ssl/](https://wordpress.org/plugins/cloudflare-flexible-ssl/)
   [https://www.icontrolwp.com/2014/10/enabling-cloudflares-universal-flexible-ssl-wordpress-without-infinite-redirect-loops/](https://www.icontrolwp.com/2014/10/enabling-cloudflares-universal-flexible-ssl-wordpress-without-infinite-redirect-loops/)
 * thx so much again for taking a look,
    stu
 *  [jon](https://wordpress.org/support/users/adiant/)
 * (@adiant)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/wp-admin-ssl-1/#post-5554134)
 * Great! That gives me what I need to do some testing and see what I can figure
   out.
 * Thanks for asking. I’ll report back here as soon as know anything of interest.
 *  Thread Starter [dblinks](https://wordpress.org/support/users/dblinks/)
 * (@dblinks)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/wp-admin-ssl-1/#post-5554138)
 * It’s asking a lot to have you go through this, signing up with Cloudflare etc.
   Your plugin is indispensable for my client, so much that https takes a back seat
   to the functionality you provide for WordPress as a private site. The good news
   is that the entire front end of the site works in http or https, and if I force
   it in admin I’m only kept out as long as I force https. Just a bit inconvenient
   and not the object of why. https is certainly a reality coming down the road 
   for most savvy site owners.
 *  [jon](https://wordpress.org/support/users/adiant/)
 * (@adiant)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/wp-admin-ssl-1/#post-5554154)
 * It took me a while, and a lot of creative thinking, to set up a test environment
   without incurring any costs, as Cloudflare usage requires a publicly-accessible
   domain name where I was willing to change name servers with real web hosting 
   behind it. I ended up using a parked domain on to a subdomain of another domain
   name.
 * It can take up to 72 hours for name server changes to take effect, so I won’t
   be able to work on this until then.
 * Glad that you are in a position to “get by” for the time it takes to address 
   this.
 * Thanks again!
 *  Thread Starter [dblinks](https://wordpress.org/support/users/dblinks/)
 * (@dblinks)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/wp-admin-ssl-1/#post-5554158)
 * er, yes. I’ve been on Cloudflare as a beta tester/early adopter since inception
   in 2009/10. It is actually a great way to manage many sites dns as a developer
   rather than to login to client hosting/registrar accts regardless whether you
   use the service or not, it’s a very fast and reliable dns solution. Just set 
   up a couple of A records and a subdomain is easy to point. All my sites are on
   Ubuntu w/Nginx webservers.
 * Exactly, no rush here will be cool to see what you come up with.
 * I have this set up on many sites, yet not that have your plugin with no similar
   issues. The site in question has an interesting collection of features but turning
   all plugins off other than essential to this set up didn’t change the fact of
   what I’m facing lately.
 *  [jon](https://wordpress.org/support/users/adiant/)
 * (@adiant)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/wp-admin-ssl-1/#post-5554402)
 * Sorry that this has taken so long. It has been a busy week for support for my
   plugins, two major ones without Workarounds like yours has. And busy with other
   responsibilities.
 * After a detailed look, I now understand what is going on. The bottom line is 
   that the implementation of the plugin’s Custom Login section settings are very
   restrictive.
 * In my testing just now on my test systems, which use a WordPress Page as a Custom
   Login page, everyone is forced to login on the Custom Login page. Once they have
   logged in, there are still on the Custom Login page. But they really are logged
   in, as the Admin Bar at the top of the page shows.
 * If I override the “Omit” Landing Location with the Advanced Setting “Allow Landing
   Location for Custom Login pages”, then I get myself into a Redirect Loop and 
   cannot login to my site at all, until I either delete my plugin with FTP or use
   PHPMyAdmin and alter the ‘private_site’ setting in the WordPress database.
 * The reason you were not seeing this behaviour previously is that WordPress considers
   https and http as two separate domains. Logging into one does not log you into
   the other. I’m a little unclear on why my plugin sends you to the Dashboard, 
   as I cannot re-create that on my test system. With WordPress Address (URL) set
   to http or https, I always end up on the Custom Login page, both for login and
   immediately after login.

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘wp-admin SSL’ is closed to new replies.

 * ![](https://ps.w.org/jonradio-private-site/assets/icon-256x256.png?rev=3370795)
 * [My Private Site](https://wordpress.org/plugins/jonradio-private-site/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/jonradio-private-site/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/jonradio-private-site/)
 * [Active Topics](https://wordpress.org/support/plugin/jonradio-private-site/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/jonradio-private-site/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/jonradio-private-site/reviews/)

 * 7 replies
 * 2 participants
 * Last reply from: [jon](https://wordpress.org/support/users/adiant/)
 * Last activity: [11 years, 5 months ago](https://wordpress.org/support/topic/wp-admin-ssl-1/#post-5554402)
 * Status: resolved