WordPress MU

I was trying to find out if people have only the admin part running on HTTPS.

I have the idea that it's possible, but it needs a copy of the running version or at least an extra vhost for https support so you can run both.

And both with the same DB.

Someone advise ?

I think you could move to admin panel to secure.yoursite.com or something and set https there, you would have to get it when you goto yoursite.com/wp-admin/ to foward it to secure.yoursite.com/wp-admin/ but I think you could do that with htaccess.

I think we can't get any closer.

I only have to include the config file as far as I can see and change that path in de index.php

You should look at this plugin: http://wordpress.org/extend/plugins/secure-admin/

Yes I have seen that one, but I was not able to see (without testing it yet) how it works exactly.

Is it not possible to move the admin/ folder ?

Re: Mattz - http://haris.tv/2007/04/24/admin-ssl-new-wordpress-plugin/

It's the plugin homepage. It works out of the box, unless you use a shared certificate. The one you can download from the above link is also PHP 5.2.1 compatible.

A question I have regarding wordpress and ssl certificates:
Given wordpress mu uses mod_rewrite to pretty up all the urls, and users blogs aren't actually under subdomains, they just look like it, would I still need a wildcard certificate in order to cover all the individual blog's admin pages, or would one certificate blanket all pages?
*Hopes one will blanket all pages*

Yes, it might be.

But it's not possible to use the admin like:

https://admin.domain.tld

So actually on a subdomain ?

That would be great !

I more meant something like using one certificate to cover:
https://www.domain.tld/wp-admin/
https://blog1.domain.tld/wp-admin/
https://blog2.domain.tld/wp-admin/
etc

Seems logical to me, since wordpress uses mod_rewrite instead of actual subdomains, and my server-side traffic reports (which are supposed to be confined to a domain or subdomain) report on my test wordpress mu install, which is installed on a subdirectory.

I think the mod_rewrite has something to do with the server giving me stats from somewhere it tells me it can't, which gives me hope that I can run it all off one certificate, saving money. A lot of money.

Yes I agree with you there, but I already have a Wildcard, so actually it's not an issue for me, but indeed... for people who want to save money it's great.

I'm thinking about removing the whole admin section from the normal install and move that part to the subdomain.

Now I have to figure out if, I think that's the most wise, I copy my whole WPMU install first to the subdomain how I ripp out the blog function on that subdomain. so that people can't visit their site too like :

blog.subdomain.domain.tld.

It's a fancy setup, but can be nice when you want to seperate the admin server from the real hosting server.

That's actually a good idea. I wouldn't mind having the whole admin environment completely separate from the hosting envoronment, but one would expect it to take quite a bit of hacking.

I'm currently trying to tweak my current mu project's layout, but it's really beginning to annoy me. Why is it there's always one page that seems identical to the others in terms of div's, but always has something displaying wrong?... Plus it's 1:40am!

However, I might look into separating the admin environment one day, sounds like it'd be good. Good luck with it mate, you might need it

I have the idea that it's quite simple actually.

As long as you have the same plugins on both ends it should be OK.

Only fileupload can or will be a problem, but I think you can change the path for this ?

I see no reason why you couldn't, I'm just not in the mood to scrawl through code right now. I can't find any plugins for it, but the file upload directory should be somewhere in the code, and as long as you find every instance of it, you should be able to change it without any bugs.

yes, just to have that confirmed :)

Now I have to check out how I can remove the functionality that users can see their blog using that same admin install.

Maybe by removing the .htaccess ?

No problem at all... this help is what I need... if you like to crawl... always welcome ofcourse !

Thanks.