Opened 3 years ago

Closed 3 years ago

#16823 closed defect (bug) (invalid)

FORCE_SSL_LOGIN breaks login pages on multisite with subdirectories

Reported by: dbvista
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 3.1
Component: Multisite
Keywords: close
Focuses:
Cc:

Description

For WordPress 3.1 with multisite (subdirectories) and the default .htaccess file, using FORCE_SSL_LOGIN works fine for the main login page (/wp-login.php), but breaks for individual blogs' login pages (/NameOfBlog/wp-login.php).

This is either a documentation oversight (i.e., FORCE_SSL_LOGIN is not sufficient, you must add .htaccess rules too), or FORCE_SSL_LOGIN should do the right thing.

Basically, https://site.com/nameofblog/wp-login.php produces a 404 if you merely enable FORCE_SSL_LOGIN.

.htaccess is untouched since I installed WordPress:

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule  ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule  ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]

Change History (3)

comment:1 dbvista 3 years ago

(Following up my own ticket)

This is not a bug, but docs should be updated to avoid confusion for other users.

The problem is that our name-based virtual host setup in Apache was set up only for port 80, so the .htaccess file (and its mod_rewrite rules) was being ignored for SSL pages.

The docs for FORCE_SSL_LOGIN should be updated to advise the user about this situation, and to give an example solution like this for httpd.conf:

NameVirtualHost *:443
<VirtualHost *:443>
    ServerName site.com
    <Directory "/var/www/html">
        AllowOverride FileInfo Options
    </Directory>
</VirtualHost>
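
Added example, not part of the ticket and not WordPress or Apache code: a small Python check for the condition described in comment:1, where the port-443 virtual host does not allow .htaccess overrides and the multisite rewrite rules are silently skipped. The sample configuration is constructed, and the function names (audit, ssl_gaps) are hypothetical; it assumes the fix shown above, an AllowOverride that includes FileInfo (or All) for the document root.

```python
import re

# Constructed sample (not from the ticket): a server-wide AllowOverride None that
# only the port-80 vhost overrides, so .htaccess is ignored for HTTPS requests.
SAMPLE_CONF = '''
<Directory "/var/www/html">
    AllowOverride None
</Directory>
<VirtualHost *:80>
    ServerName site.com
    <Directory "/var/www/html">
        AllowOverride FileInfo Options
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    ServerName site.com
</VirtualHost>
'''

VHOST = re.compile(r'<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>', re.S | re.I)
DIRECTORY = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', re.S | re.I)
OVERRIDE = re.compile(r'^\s*AllowOverride\s+(.+?)\s*$', re.M | re.I)

def _overrides(text, docroot, scope):
    """Yield (path length, scope, position, allowed) for sections covering docroot."""
    for i, (path, body) in enumerate(DIRECTORY.findall(text)):
        p, m = path.rstrip("/"), OVERRIDE.search(body)
        if m and (docroot == p or docroot.startswith(p + "/")):
            opts = {o.lower() for o in m.group(1).split()}
            # mod_rewrite directives in .htaccess need FileInfo (or All)
            yield (len(p), scope, i, bool(opts & {"all", "fileinfo"}))

def audit(conf, docroot, default=False):
    """Map each vhost address to whether .htaccess rewrite rules apply there.
    default is used when nothing sets AllowOverride (None on Apache 2.4)."""
    conf = re.sub(r'^\s*#.*$', '', conf, flags=re.M)          # drop comment lines
    docroot = docroot.rstrip("/")
    base = list(_overrides(VHOST.sub("", conf), docroot, 0))  # server-wide sections
    result = {}
    for addr, body in VHOST.findall(conf):
        # Longest path wins; for equal paths the vhost section is applied last.
        found = sorted(base + list(_overrides(body, docroot, 1)))
        result[addr.strip()] = found[-1][3] if found else default
    return result

def ssl_gaps(conf, docroot):
    """Port-443 vhosts where the multisite rewrite rules would be ignored."""
    return [a for a, ok in audit(conf, docroot).items() if a.endswith(":443") and not ok]
```

Calling ssl_gaps(SAMPLE_CONF, "/var/www/html") reports the *:443 virtual host; with the Directory block from comment:1 added to that virtual host, the list is empty.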

comment:2 tmoorewp 3 years ago

  • Keywords close added

http://codex.wordpress.org/Administration_Over_SSL

Looks to me like the Codex already indicates that the server needs to be set up correctly. There are some examples already, but any user can update the Codex if you want to add more.

Marking this ticket to be closed.

comment:3 ocean90 3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed