[wp-trac] [WordPress Trac] #18680: Make SSL login-only possible (while leaving admin unencrypted)

WordPress Trac wp-trac at lists.automattic.com
Tue Sep 27 17:14:55 UTC 2011 

#18680: Make SSL login-only possible (while leaving admin unencrypted)
-------------------------+------------------------------
 Reporter:  multimule    |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  General      |     Version:  3.2.1
 Severity:  normal       |  Resolution:
 Keywords:               |
-------------------------+------------------------------
Description changed by nacin:

Old description:

> There are two options to be set in wp-config.php to enforce secure
> connections.
>
> With the following configuration, the login AND the backend will be done
> via SSL:
>
> define( 'FORCE_SSL_ADMIN', false ); // or true
> define( 'FORCE_SSL_LOGIN', true );  // or false
>
> As those are 'FORCE' parameters, one might consider it correct that, even
> though one is set to 'false', both will be via HTTPS.
>
> However, WordPress is currently missing an option to have ONLY the login
> data sent encrypted and go on to the admin interface via a normal (non-
> encrypted) connection. That scenario requires additional redirections on
> the webserver.

New description:

 There are two options to be set in wp-config.php to enforce secure
 connections.

 With the following configuration, the login AND the backend will be done
 via SSL:
 {{{
 define( 'FORCE_SSL_ADMIN', false ); // or true
 define( 'FORCE_SSL_LOGIN', true );  // or false
 }}}
 As those are 'FORCE' parameters, one might consider it correct that, even
 though one is set to 'false', both will be via HTTPS.

 However, WordPress is currently missing an option to have ONLY the login
 data sent encrypted and go on to the admin interface via a normal (non-
 encrypted) connection. That scenario requires additional redirections on
 the webserver.

--

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/18680#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list