[wp-trac] [WordPress Trac] #18680: Make SSL login-only possible (while leaving admin unencrypted)
WordPress Trac
wp-trac at lists.automattic.com
Fri Sep 16 05:54:34 UTC 2011
#18680: Make SSL login-only possible (while leaving admin unencrypted)
-------------------------+-----------------------------
Reporter: multimule | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.2.1
Severity: normal | Keywords:
-------------------------+-----------------------------
There are two options to be set in wp-config.php to enforce secure
connections.
With the following configuration, the login AND the backend will be done
via SSL:
define( 'FORCE_SSL_ADMIN', false ); // or true
define( 'FORCE_SSL_LOGIN', true ); // or false
As those are 'FORCE' parameters, one might consider it correct that, even
though one is set to 'false', both will be via HTTPS.
However, WordPress is currently missing an option to have ONLY the login
data sent encrypted and go on to the admin interface via a normal (non-
encrypted) connection. That scenario requires additional redirections on
the webserver.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18680>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list