The MU forums have moved to WordPress.org

Problem with Force SSL (5 posts)

  1. j.oateslarsen
    Member
    Posted 14 years ago #

    I had originally posted this under wordpress.org but it was suggested there I should post this here.

    I've scoured the Forums but can't seem to find a direct answer to my particular question.

    I am trying to use WordPress built in SSL security to enforce a secure back-end.

    I am running WPMU with the latest stable 2.8.4 core.

    I have used every combination possible with the following config commands:

    define(’FORCE_SSL_ADMIN’, true);
    define(’FORCE_SSL_LOGIN’, true);

    I *do* succeed in compelling an SSL session -but it compels for *all* requests not just to the admin backend.

    So, any call to the regular site, when not logged in, also forces the site to be rendered using https. I do not want this.

    I *only* want backend administrative activities secured.

    Any help or links to something obvious that I missed would be greatly appreciated. Thank you!

  2. webhostuk
    Member
    Posted 14 years ago #

    Have you checked : http://codex.wordpress.org/Administration_Over_SSL

    Hope it helps.

  3. j.oateslarsen
    Member
    Posted 14 years ago #

    Yes, thank you -have read that at least 3 times for any help. :-)

    Again, I have *no* problem enabling SSL. The problem is that it forces SSL over all blogs all the time -not just when someone is logging in or working in the back-end administration.

    SSL is too slow to serve up standard content... I only want SSL to protect the backend.

  4. Klark123
    Member
    Posted 14 years ago #

    Just to clarify, is your content available at both the http and https urls?

    I am using the same method as you and my content is indeed available at both URLs. The admin is available only at https.

    If your case is like mine, you could use a different robots.txt for the https side of things to stop google from indexing it.

  5. j.oateslarsen
    Member
    Posted 14 years ago #

    In my case, for whatever reason, using either or both:
    define(’FORCE_SSL_ADMIN’, true);
    define(’FORCE_SSL_LOGIN’, true);

    caused HTTPS to be enforced *ALL THE TIME* in my WPMU install and one could NOT access via standard http call. This was maddening because it caused super-slow page loads. I don't need HTTPS all the time for all pages.

    I deleted the "define" statements and concentrated on just .htaccess.

    My solution was to edit the .htaccess file in the root where WPMU is installed.

    Just after the section:
    #add trailing slash to /wp-admin
    RewriteCond %{REQUEST_URI} ^.*/wp-admin/$
    RewriteRule ^(.+)$ $1/ [R=301,L]

    I added the following:
    # BEGIN SSL
    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_URI} ^/wp-admin/?
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]
    # END SSL

    This, so far, has solved my backend SSL problem.

About this Topic

  • Started 14 years ago by j.oateslarsen
  • Latest reply from j.oateslarsen