[wp-trac] [WordPress Trac] #16823: FORCE_SSL_LOGIN breaks login pages on multisite with subdirectories

Thu Mar 10 16:52:38 UTC 2011

#16823: FORCE_SSL_LOGIN breaks login pages on multisite with subdirectories
--------------------------+-----------------------------
 Reporter:  dbvista       |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Multisite     |    Version:  3.1
 Severity:  normal        |   Keywords:
--------------------------+-----------------------------
 For WordPress 3.1 with multisite (subdirectories) and the default
 .htaccess file, using FORCE_SSL_LOGIN works fine for the main login page
 (/wp-login.php), but breaks for individual blogs' login pages (/NameOfBlog
 /wp-login.php).

 This is either a documentation oversight (i.e., FORCE_SSL_LOGIN is not
 sufficient, you must add .htaccess rules too), or FORCE_SSL_LOGIN should
 do the right thing.

 Basically, https://site.com/nameofblog/wp-login.php produces a 404 if you
 merely enable FORCE_SSL_LOGIN.

 .htaccess is untouched since I installed WordPress:

 {{{
 RewriteEngine On
 RewriteBase /
 RewriteRule ^index\.php$ - [L]

 # uploaded files
 RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2
 [L]

 # add a trailing slash to /wp-admin
 RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

 RewriteCond %{REQUEST_FILENAME} -f [OR]
 RewriteCond %{REQUEST_FILENAME} -d
 RewriteRule ^ - [L]
 RewriteRule  ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
 RewriteRule  ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
 RewriteRule . index.php [L]
 }}}

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/16823>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software