[wp-trac] [WordPress Trac] #20253: SSL login in custom port

Sun Mar 18 09:26:18 UTC 2012

#20253: SSL login in custom port
---------------------------+------------------------------
 Reporter:  rseabra        |       Owner:
     Type:  enhancement    |      Status:  new
 Priority:  normal         |   Milestone:  Awaiting Review
Component:  Template       |     Version:
 Severity:  normal         |  Resolution:
 Keywords:  has-patch ssl  |
---------------------------+------------------------------
Changes (by dd32):

 * component:  Security => Template

Old description:

> From my blog article, http://blog.1407.org/2012/03/18/log-into-wordpress-
> with-ssl-on-custom-port-if-needed/
>
> In order to login into WordPress with SSL you just need to add the
> following to wp-config.php:
>
> {{{
>     define(‘FORCE_SSL_LOGIN’, true);
>     define(‘FORCE_SSL_ADMIN’, true);
> }}}
>
> But that redirects you to https://www.yourDomain.org/. What if you need
> to redirect into https://www.yourDomain.org:8443/ ? What then?
>
> Well, the following patch will allow you to add a property called
> CUSTOM_PORT which you will define as your desired port. In case of my
> small example, 8443 like this:
>
> {{{
>     define(‘CUSTOM_PORT’, 83);
> }}}

New description:

 From my blog article, http://blog.1407.org/2012/03/18/log-into-wordpress-
 with-ssl-on-custom-port-if-needed/

 In order to login into WordPress with SSL you just need to add the
 following to wp-config.php:

 {{{
     define(‘FORCE_SSL_LOGIN’, true);
     define(‘FORCE_SSL_ADMIN’, true);
 }}}

 But that redirects you to https://www.yourDomain.org/. What if you need to
 redirect into https://www.yourDomain.org:8443/ ? What then?

 Well, the following patch will allow you to add a property called
 CUSTOM_PORT which you will define as your desired port. In case of my
 small example, 8443 like this:

 {{{
     define(‘CUSTOM_PORT’, 8443);
 }}}

--

Comment:

 Quick thoughts:
  * Won't work when installed in a subdir (site url returns
 http://something.com/wordpress/)
  * is_ssl() may not reconise the alternate port in some configurations
  * not all ssl links are generated through that function (unfortunately),
 there are a number of cases of code such as: `wp_redirect('https://' .
 $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);` (wp-login.php)
  * This could also be achieved using a filter (other than the above case
 where url's aren't generated with filtered functions)
  * CUSTOM_PORT would be better off named SSL_PORT or similar.

 (Pulling out of the Security component since it's not a security issue in
 WordPress)

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/20253#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software