Make WordPress Core

Opened 6 years ago

Last modified 22 months ago

#20253 closed enhancement

SSL login in custom port — at Version 2

Reported by: rseabra Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Permalinks Keywords: has-patch ssl https
Focuses: Cc:

Description (last modified by dd32)

From my blog article, http://blog.1407.org/2012/03/18/log-into-wordpress-with-ssl-on-custom-port-if-needed/

In order to login into WordPress with SSL you just need to add the following to wp-config.php:

    define(‘FORCE_SSL_LOGIN’, true);
    define(‘FORCE_SSL_ADMIN’, true);

But that redirects you to https://www.yourDomain.org/. What if you need to redirect into https://www.yourDomain.org:8443/ ? What then?

Well, the following patch will allow you to add a property called CUSTOM_PORT which you will define as your desired port. In case of my small example, 8443 like this:

    define(‘CUSTOM_PORT’, 8443);

Change History (3)

6 years ago

custom port for ssl patch

#1 @rseabra
6 years ago

Yes, I know my description has a bug with the port number, but that's just "description" and I only noticed it after creating the ticket. My blog article has it fixed :)

#2 @dd32
6 years ago

  • Component changed from Security to Template
  • Description modified (diff)

Quick thoughts:

  • Won't work when installed in a subdir (site url returns http://something.com/wordpress/)
  • is_ssl() may not reconise the alternate port in some configurations
  • not all ssl links are generated through that function (unfortunately), there are a number of cases of code such as: wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); (wp-login.php)
  • This could also be achieved using a filter (other than the above case where url's aren't generated with filtered functions)
  • CUSTOM_PORT would be better off named SSL_PORT or similar.

(Pulling out of the Security component since it's not a security issue in WordPress)

Note: See TracTickets for help on using tickets.