Applying SSl to Wordpress 3.0 across multiple sites WordPress
- SOLVED
I think I've tried everything that's in the Codex - http://codex.wordpress.org/Administration_Over_SSL
When I keep things simple and just add the force login line to wp-config, it works fine for my root blog. I visit http://blogs.mysite.com, hit the login link, and bang, redirected to https and I can login securely.
My dashboard is also secure, being at https://blogs.mysite.com/wp-admin/profile.php but I am only using the define('FORCE_SSL_LOGIN', true); line...is this symptomatic of an .htaccess issue or is this as should be expected?
My problems start when I try to visit another blog on my network. As soon as I force secure login, any attempt to login to https results in a 404 page.
If I login as admin at the root blog, then try to visit the dashboard for one of the other blogs, I also get a 404.
I will gladly reward my saviour!
.htaccess file
RewriteEngine On
RewriteBase /
#uploaded files
RewriteRule ^(.*/)?files/$ index.php [L]
RewriteCond %{REQUEST_URI} !.*wp-content/plugins.*
RewriteRule ^(.*/)?files/(.*) wp-includes/ms-files.php?file=$2 [L]
# add a trailing slash to /wp-admin
RewriteCond %{REQUEST_URI} ^.*/wp-admin$
RewriteRule ^(.+)$ $1/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule . - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-.*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]
<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>
</IfModule>
Jim
EDIT - I am getting the standard Apache 404 page.
Answers (3)
Oleg Butuzov answers:
can you turn on debug file for the mod_rewrite?
http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewritelog
basicly if you got wp 404 - rewrites works and we need to solve situation o wp. but if you getting standard apache 404 looks like wp rewrites disabled and httaccess dosn't work.
anyway debug log for mod_rewrite is first step to solve issue.
Oleg Butuzov comments:
so... rewrites dosn't work =)
my mail in my profile page. also i have sent you a message through this website. contact me to fix it.
Oleg Butuzov comments:
oh. can you also check is there a virtual host created for https for a hosted blogs? or even is there setuped secure 443 port for the child domains? i belive there is 80 setuped, bit as i know administration of the apache - you need to setup it too. can you check settings?
intbac comments:
Hi Oleg,
thanks for the suggestion. Turning on debug now. We are getting standard Apache 404 pages.
Oleg Butuzov comments:
Jim read my last message. Seams you need to setup wildcard domains for the 443 port wich is secure connection.
something like this....
< VirtualHost 10.200.2.15:443 >
ServerName v3.mysite.com
ServerAdmin [email protected]
DocumentRoot "/Library/WebServer/Documents"
Oleg Butuzov comments:
sorry this is correct tutorial url
http://www.techcuriosity.com/resources/webhosting/wildcard_hosting.php
intbac comments:
Ok going to try this now.
Oleg Butuzov comments:
mod_rewrite dosn't work in ssl section.
add this to visrtual host.
<Directory /mnt/nfs-fs/htdocs/testblogs.ibo.org/ >
AllowOverride FileInfo Options
Options Indexes FollowSymLinks
</Directory>
Ipstenu answers:
Have you tried http://wordpress.org/extend/plugins/admin-ssl-secure-admin/ ? It says it works for WPMU. Mind, I'd try the dev version from http://wordpress.org/extend/plugins/admin-ssl-secure-admin/download/ first.
intbac comments:
Hello, yes I have but I get the same error when it redirects me to the https page.
Rashad Aliyev answers:
Define it at your .htaccess file.
RewriteRule ^/wp-admin/(.*) https://www.mysite.com/wp-admin/$1 [C]
RewriteRule ^/wp-admin/(.*) https://www.mysite.com/wp-admin/$1 [C]
If still doesn't work and if you're using WPMU then recommended not shared host. If you're using shared host then setup Wildcard DNS.
P.S: some shared hosting doesn't support wildcard.