[jeffbrl]

I'd like to securely access my WordPress admin page. I've read the material about shared SSL on Inmotion Hosting's support pages as well as WordPress documentation. It is unclear to me if I need a plugin to accomplish what I want.

I added "define('FORCE_SSL_ADMIN', true);" to my wp-config.php file.

The URL I'm using is https://secure51.inmotionhosting.com/~myusername/wp-admin. This page redirects me to https://mydomain.com/wp-login.php?redirect_to=https%3A%2F%2Fsecure51.inmotionhosting.com%2F~myusername%2Fwp-admin%2F&reauth=1. I get a 404 error.

Can someone please explain what is incorrect or refer me to the appropriate documentation?

Jeff

[bradm]

Hi Jeff,

I remember looking into this issue once before, and was not able to find a solution. It is quite tricky to get the Shared SSL certificate working along with FORCE_SSL_ADMIN. Let me look into this a little further, and I'll touch base shortly in regard.

Thanks!
- Brad

[bradm]

Hi Jeff,

I've been reading quite a bit, and requiring WordPress to use a shared ssl certificate when logging in seems to be quite a difficult task. I've heard there are plugins that help with using a shared SSL, but I've also read that lately those plugins are buggy and the plugin developers are no longer using them.

I had an idea that you can possibly setup WordPress parameters within wp-config on the fly. If the url contains wp-admin or wp-login, then change the wordpress url to use the SSL host. If not, then obviously don't.

I updated my wp-config.php file to include the following:

Code: Select all

if( $_SERVER['HTTPS'] || substr_count($_SERVER['SCRIPT_FILENAME'],"wp-admin") > 0 ||  substr_count($_SERVER['SCRIPT_FILENAME'],"wp-login.php") > 0)
{
   // if we need to force SSL
   define('WP_HOME','https://secure108.inmotionhosting.com/~inmoti6');
   define('WP_SITEURL','https://secure108.inmotionhosting.com/~inmoti6');
}
else
{
   // if we don't need to force SSL
   define('WP_HOME','http://inmotiontesting.com');
   define('WP_SITEURL','http://inmotiontesting.com');
}


/* That's all, stop editing! Happy blogging. */

Initial testing shows that this is working. What I do notice is that when you upload an image in an article/post, the url will be called using the shared ssl certificate, but this is not causing any problems within my browser.

If you can, test the above code in your wp-config file and let us know how it goes.

Thanks!
- Brad

[jeffbrl]

Brad,

I am able to log in successfully using your code in wp-config.php. You might want to consider adding a new entry in the Knowledge Base on this subject. I'm sure others will find this information very useful.

Thank you very much for your efforts.

Jeff L.

[KevinW]

Brad,

I am able to log in successfully using your code in wp-config.php. You might want to consider adding a new entry in the Knowledge Base on this subject. I'm sure others will find this information very useful.

Thank you very much for your efforts.

Jeff L.

Jeff,

I am glad that worked for you! We are working now on expanding our Knowledge Base and since this has become a common issue with the increased popularity of WordPress, an article on this issue is very likely. If you have any other questions just let us know!

Kevin

[Leslie]

Disregard this post, please. I found my problem...thanks.

Hello,

I have tried to enter the same code that worked for you two and I'm getting an error with the 'else' statement: "syntax error, unexpected T_ELSE in line 44". Any ideas as to why?

[bradm]

Hi Leslie,

It sounds like you may have forgotten the closing bracket after the else statement.

If you can PM me your config file, I'll be more than happy to take a look at it for you.

Thanks,
- Brad

[Leslie]

Hi Brad,

I found the problem with my statement, but I do have one other question regarding the whole SSL thing:

I can secure wp-admin, but do you have any suggestions as to how I could secure my ecommerce cart URL with the shared SSL(my cart is not anything offered from Inmotion..i.e. zen cart, etc.)? Ideally, it would make sense to purchase a dedicated SSL, but is there a way to have the logins on my site and the shop itself https:// without having to use the https://secure.... for the entire site?

I read that you could go to the Website builder in AMP and create an external link, but that's only if your site hasn't been created yet and you're using that platform, right?

Right now, I have the Wordpress URLand the Site URL pointing to https://secure... for testing purposes. This still directs to http:// once you actually hit my site. I also will eventually want to change everything back except for the secure wp-admin, so how do I make the shop and the logins secure only once the site is live, using shared SSL. I tried downloading a Wordpress HTTPs plugin, but it crashed everything.

Any ideas? Thanks for your help in advance.

Leslie

[TimS]

Hello Leslie,

Thank you for contacting us. I'm more than happy to assist you. I'm sorry to hear you are having trouble using the shared SSL for the server on various parts of your website.

I see you mention WordPress, Premium Web Builder, and ZenCart. What is your shop built in as well as what is your website built with? Are you using a WordPress plugin for your shopping cart? Also, to be able to assist you further and for testing purposes can you provide us with links to your login page as well as your shop?

Thank you!

Tim S.

[Leslie]

Hi,

No, I'm not using a plugin for the cart. I purchased a Wordpress ecommerce theme where the cart is custom developed. I was just wondering what necessary steps I need to take in order to have certain areas of my site secured using the shared SSL?

Thanks -

Leslie

[TimS]

Hi Leslie,

Thank you for responding so quickly. Typically, e-commerce shopping carts will ask you during the set up if you have an SSL to it can be correctly configured. However, WordPress by default, does not do this since natively it's not a shopping cart.

I hate to say this but since you are using a custom theme, it may be wise to contact the theme's developer to find out more information and if it is possible. If they provide you with directions on how to do so, please feel free to contact us and we'd be more than happy to assist you setting it up.

I did want to make you aware of one issue however. Let's say your domain is: YourDomain.com, when your customer's visit your website, that's the URL they will see. If you force the shopping cart to use a shared SSL then once your visitors are re-directed to the SSL they will see something like this: https://secure107.inmotionhosting.com/~user

This can often confuse website visitors since it no longer looks like they are on your website. This is one of the reasons we recommend purchasing a dedicated SSL.

If you need further assistance or have any more questions for us, please feel free to contact us.

Thanks!

Tim S.

[CPL]

I tried the code posted above to switch to SSL when using 'admin'..and it worked nicely. I had also found the following code on another site where the writer said he had used it after he had also done a bit of SSL/wp-admin redirection:

define('WP_CONTENT_URL', 'http://blog.hisdomain.com/wp-content');

Supposedly this statement got his uploads to go to the right location.

When I logged in to wp-admin, I did get switched to the SSL login as expected, but unfortunately the permalink definitely still showed the URL going to "securexxx...", so the above statement redefining the wp-content directory did not fix that part at least. More oddly, when I tried uploading an image into a page, even in 'visual' mode it put in the raw html--not the image. Very weird. Anyone else have this happen?

For now I removed the SSL code since I'd love having an automatic SSL connection when logging in as WP admin, but, not so much if it's going to mess up the URL's in the permalink or other uploads, etc. Has anyone ever found a good way to get the shared SSL to work but keep the actual link to be correct?
Thanks,
CPL

[TimS]

Hi CPL,

thanks for posting in our forums. I'm more than happy to assist you today. The shared SSL certificate is issued to secureXXX.inmotionhosting.com so there is no way to legitimately use your URL with HTTPS and the shared certificate.

I hope this helps! If you need further assistance please feel free to contact us.

Thanks!

Tim S

[CPL]

Hi Tim,
I appreciate the answer...I think it may have been you (?) posted the sample code that showed it was possible to detect an 'admin' login and redirect the connection to "securexxx..." and actually get an https connection. That actually worked for what I, and a lot of others, seem to be hoping to do, so that possibility is great to know.

I wasn't trying to use my whole URL with SSL, just trying to see if I could at least get an SSL connection while using wp-admin for Wordpress., which obviously can be done. It was the problem that any links generated while connected that way ended up with "securexxx.." as well instead of having the needed "www.mydomain.com" in the URL. I'd hoped that defining the wp-content directory to explicitly be the desired 'mydomain.com/wp-content' would fix the URL issue, but it didn't seem to.
Still, I have a feeling that it should be possible to specify a temporary 'define' like this, since we're temporarily defining the connection and server too, and end up with exactly what we would all like to accomplish. It would just be temporary, but would help those of us who can't yet see the $$$ cost for a dedicated SSL certificate.
Thanks,
CPL

[TimS]

Hi CPL,

Thanks for posting your question. I'm more than happy to help you. I've spent some time researching this topic and as far as I can tell, you cannot define how links are generated separately from the actual 'site url' and 'home' settings. Because you have forced the both fields to change to accommodate the shared SSL you cannot specify something else.

See if this link helps you out:
http://wordpress.org/support/topic/https-ssl-wp_content_url?replies=23

There may be a plugin that will help you out. check out this link. It appears you can set it up to use a shared ssl and specify specific pages to lock down via https:

http://wordpress.org/support/topic/plugin-wordpress-https-what-is-the-purpose-of-the-shared-ssl-option?replies=35

If you need further assistance please feel free to contact us.

thanks!

Tim S