Make WordPress Core

Opened 4 years ago

Last modified 2 years ago

#18680 closed enhancement

Make SSL login-only possible (while leaving admin unencrypted) — at Version 3

Reported by: multimule
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 3.2.1
Component: General
Keywords:
Focuses:
Cc:

Description (last modified by nacin)

There are two options to be set in wp-config.php to enforce secure connections.

With the following configuration, the login AND the backend will be done via SSL:

define( 'FORCE_SSL_ADMIN', false ); // or true
define( 'FORCE_SSL_LOGIN', true );  // or false

As those are 'FORCE' parameters, one might consider it correct that, even though one is set to 'false', both will be via HTTPS.

However, WordPress is currently missing an option to have ONLY the login data sent encrypted and go on to the admin interface via a normal (non-encrypted) connection. That scenario requires additional redirections on the webserver.

Change History (3)

comment:1 in reply to: ↑ description @multimule 4 years ago

The two defines got screwed up by trac:

define( 'FORCE_SSL_ADMIN', false );

define( 'FORCE_SSL_LOGIN', true );

comment:2 @johnbillion 4 years ago

  • Cc johnbillion@… added

comment:3 @nacin 4 years ago

  • Description modified (diff)