id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
16823,FORCE_SSL_LOGIN breaks login pages on multisite with subdirectories,dbvista,,"For WordPress 3.1 with multisite (subdirectories) and the default .htaccess file, using FORCE_SSL_LOGIN works fine for the main login page (/wp-login.php), but breaks for individual blogs' login pages (/NameOfBlog/wp-login.php). 

This is either a documentation oversight (i.e., FORCE_SSL_LOGIN is not sufficient, you must add .htaccess rules too), or FORCE_SSL_LOGIN should do the right thing.

Basically, https://site.com/nameofblog/wp-login.php produces a 404 if you merely enable FORCE_SSL_LOGIN.

.htaccess is untouched since I installed WordPress:


{{{
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule  ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule  ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]
}}}
",defect (bug),closed,normal,,Multisite,3.1,normal,invalid,close,