[wp-hackers] thorough admin SSL

Steve Taylor steve at sltaylor.co.uk
Wed Feb 3 23:31:30 UTC 2010

Mike, many thanks for those. I was using FORCE_SSL_ADMIN but I didn't
know about FORCE_SSL_LOGIN.

I don't manage the server, I'll check with the admins about maybe
using mod_substitute. Sounds like a good idea.



On 3 February 2010 22:50, Mike Little <wordpress at zed1.com> wrote:
> Steve,
> I have encountered this on a project before, in particular, wpmu has several
> places hard-coded with 'http' (it also doesn't support a port number in
> urls, but that's another project problem I had to solve).
> My simple fix was to do it in Apache using mod_substitute - forget output
> buffering and all that hassle. Worked like a charm! (I still turned on the
> WP settings, and had a bounce-everything-to-https rewrite rule.)
> Add the following to wp-config.php
>  define( "FORCE_SSL_ADMIN", true );
>  define( "FORCE_SSL_LOGIN", true );
> Add the following rule to the .htaccess at the root of the site.
>  RewriteCond %{HTTPS} ^off$ [NC]
>  RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
> Add the following to the vhost settings in main apache config
>  AddOutputFilterByType SUBSTITUTE text/html
>  AddOutputFilterByType SUBSTITUTE application/atom+xml
>  AddOutputFilterByType SUBSTITUTE text/xml
>  AddOutputFilterByType SUBSTITUTE application/xhtml+xml
>  Substitute s|http://yourdomain.com|https://yourdomain.com|in
> substituting the correct host names.
> This was for the whole site served as https , but you could wrap the
> substitute stuff in a <location> section to just cover wp-login.php,
> wp-register.php and /wp-admin/
> Oh, and because this was an existing site with lots of content, I did a
> export/search-and-replace/import on the database too.
> Hope this helps,
> Mike
> --
> Mike Little
> http://zed1.com/
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list