WordPress.org

Make WordPress Core

Opened 7 weeks ago

#42833 new defect (bug)

Wordpress forces non-ssl login in described circumstance even though FORCE_SSL_ADMIN is set in wp-config

Reported by: geomouchet Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.9.1
Component: Administration Keywords:
Focuses: Cc:

Description

Wordpress provides an http login page in this circumstance:

  1. Put the following in wp-config.php: define('FORCE_SSL_ADMIN', true);
  2. Log into your Wordpress site via wp-login.php with an admin login.
  3. Click Visit Site (home icon) at the top of the page.
  4. Open a new brower tab.
  5. Log into your Wordpress site in the new tab via wp-login.php.
  6. Go back to previous tab.
  7. Click on Edit Page.

It then displays the login box with http instead of https. (Ideally it would not require a new login at all, but instead would use the session from the new tab.)

Change History (0)

Note: See TracTickets for help on using tickets.