id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
16823	FORCE_SSL_LOGIN breaks login pages on multisite with subdirectories	dbvista		"For WordPress 3.1 with multisite (subdirectories) and the default .htaccess file, using FORCE_SSL_LOGIN works fine for the main login page (/wp-login.php), but breaks for individual blogs' login pages (/NameOfBlog/wp-login.php). 

This is either a documentation oversight (i.e., FORCE_SSL_LOGIN is not sufficient, you must add .htaccess rules too), or FORCE_SSL_LOGIN should do the right thing.

Basically, https://site.com/nameofblog/wp-login.php produces a 404 if you merely enable FORCE_SSL_LOGIN.

.htaccess is untouched since I installed WordPress:


{{{
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule  ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule  ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]
}}}
"	defect (bug)	closed	normal		Multisite	3.1	normal	invalid	close