lesb55

Oops! spoke a bit soon.

If I have my wp-config set: define(‘FORCE_SSL_LOGIN’, true);
then this option simply shows as greyed out and checked in WordPress HTTPS – this is correct.

But if I have: define(‘FORCE_SSL_LOGIN’, false); (or this field totally removed) in my wp-config;
Then if in WordPress HTTPS I check the box: “Force SSL Login – Always use HTTPS when logging in”, this box does not stay checked when I refresh my browser.

A minor glitch – to be sure.

Yep,
Works perfectly – this ones a thumbs-up from me!

Now, if I set my wp-config file as:
define(‘FORCE_SSL_LOGIN’, true);
this shows as greyed out and checked in WordPress HTTPS.

However; if I have: define(‘FORCE_SSL_ADMIN’, false); in wp-config, this is not recognized (and will be over-ruled by) whatever you set here in WordPress HTTPS.

Purists may disagree; but this is completely acceptable by me!

But for sure someone is going to ask: “what should I use – SSL Login or SSL Admin?”
Answer: http://codex.wordpress.org/Administration_Over_SSL

Which Should I Use?
FORCE_SSL_LOGIN is for when you want to secure logins so that passwords are not sent in the clear, but you still want to allow non-SSL admin sessions (since SSL can be slow).
FORCE_SSL_ADMIN is for when you want to secure logins and the admin area so that both passwords and cookies are never sent in the clear. This is the most secure option.

But then: “how do I know my login details are sent encrypted when I check: Always use HTTPS when logging in?”
Or: “I can’t see any padlock symbol when I login”.

I have to admit: it would be cool if the plugin could show the padlock symbol where you login, but then took you to the http page in admin.

Past me bothering about, but perhaps for a future release?
http://www.thatsgeeky.com/2012/01/wordpress-ssl-login-page-without-ssl-admin/

You are right.
If my wp-config.php is set:

/** Force Admin login to SSL. */
define(‘FORCE_SSL_LOGIN’, true);
define(‘FORCE_SSL_ADMIN’, true);

then the ‘Force SSL Administration’ checkbox is greyed out, (and the error appears).
With v2.0.4, this used to be checked & greyed out, but the error message did not appear.

Delete these lines from wp-config, the error message doesn’t show, and WordPress HTTPS can then be used to force both login & admin over SSL.

But I like to have:
/** Force Admin login to SSL. */
define(‘FORCE_SSL_LOGIN’, true);
define(‘FORCE_SSL_ADMIN’, false);

This is because SSL is slower, and there are too many unsecured elements on my admin page (the plugin ‘Wordfence’ also locks me out because of too many 404s).
But I do prefer my login details being sent encrypted (in Opera; you sometimes see the padlock symbol just momentarily – as you login).

As a feature request; perhaps you could add another checkbox: ‘Force SSL Log In only’

People like me could then choose either: ‘Force SSL Log In only’ or ‘Force SSL Administration’ (without having to fiddle with their wp-config file)

Is this feasible?

Id really appreciate that Mike,
sending access details to your email address now.

Just to be sure, I totally re-copied my live website to my test account (including the database). Same deal; plugin update activates OK on my test website, but not my live site. These two accounts in WHM are identical – except for my live site having a dedicated ip.

Given time I can usually figure out most problems myself, but this one has me stumped!

Thanks for your time Mike, I have donated to this plugin in appreciation of your work.

I do already have a duplicate test website set up on this same server.
WordPress HTTPS 3.1.2 activates no problem on this test site (with all the same plugins active).
I don’t of course have an SSL certificate set up for this site, so redirects to SSL don’t work here.

Tried activating WordPress HTTPS 3.1.2 on my live site with all other plugins deactivated – same error.

The error is obviously being caused by some difference in server configuration between these two websites. The ONLY difference I can see is that my live site uses a dedicated IP, whereas my test site uses the shared server IP.

Thanks for your suggestions Mike,
Setting permissions to world writable (777) for all files and folders of the plugin, including my wp-config, just returns the same error on activation.

Looking at the error log in cpanel; every time I installed and tried to activate latest version, this error got recorded (twice):

PHP Fatal error: Class ‘WordPressHTTPS’ not found in /home/—–/public_html/wp-content/plugins/wordpress-https/wordpress-https.php on line 49, referer: https://www.lusanbidets.com.au/wp-admin/plugins.php?error=true&plugin=wordpress-https%2Fwordpress-https.php&_error_nonce=d1380ee602

The ‘nonce=d1380ee602’ gets changed to a different number each time.

Thanks for your response Mike.

Completely uninstalled 2.0.4 (including all wordpress-https options in database).
Installed 3.1.2 and same deal – trying to activate gave:

Fatal error: Class ‘WordPressHTTPS’ not found in /home/—–/public_html/wp-content/plugins/wordpress-https/wordpress-https.php on line 49

Tried deleting this line, then activating and got:

Fatal error: Call to a member function setSlug() on a non-object in /home/—–/public_html/wp-content/plugins/wordpress-https/wordpress-https.php on line 49

My wp-config has:
/** Force Admin login to SSL. */
define(‘FORCE_SSL_LOGIN’, true);
define(‘FORCE_SSL_ADMIN’, true);
Tried setting these to false – same.

Everything works perfectly with version 2.0.4