P.S. I just confirmed that even on a site with a dedicated SSL certificate, the “Back to …” link on the login page uses HTTPS in Version 3.0.1 and HTTP in Version 2.0.4. Apparently the issue has to do with the plugin upgrade, not shared vs. dedicated SSL certificates.
P.P.S. At this point, I’m not sure what’s happening on sites with a dedicated SSL certificate, because Version 3.0.1 of the plugin generates this error message:
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 450401856 bytes) in Unknown on line 0
Plugin Author
mvied
(@mvied)
Hey fwchapman,
No, that doesn’t happen to everyone using dedicated SSL certificates. It doesn’t happen to me, otherwise I’d fix it. 😉
If you enable Force SSL Exclusively and the front page isn’t secure, it should revert to HTTP. If not, I’ll look into it.
Thanks,
Mike
Okay, I just found a better way to configure my settings on sites with a shared SSL certificate:
Settings > General > WordPress Address (URL)
http://SERVER_NAME.HOSTING_COMPANY.com/~USERNAME
Settings > General > Site Address (URL)
http://www.SITE_DOMAIN.com
Settings > WordPress HTTPS > SSL Host
SERVER_NAME.HOSTING_COMPANY.com
The key changes from what I posted before are using HTTP instead of HTTPS in the WordPress Address and entering the correct SSL Host in the plugin settings. I think that’s what you had in mind all along, right, Mike?
This solves the original problem I reported with HTTP vs. HTTPS on the “Back to …” link of the login page; however, it causes a new, more serious problem: the Force SSL Administration option no longer forces SSL logins.
P.S. When I use the new settings in Version 2.0.4, everything works perfectly.
Plugin Author
mvied
(@mvied)
Hey Fred,
The Blog URL needs to be the regular, HTTP base path of the site. Site URL should match that. Your SSL Host should be SERVER_NAME.HOSTING_COMPANY.com/~USERNAME. If you want your entire site to be over the Shared SSL, then the Site URL should be changed to https://SERVER_NAME.HOSTING_COMPANY.com/~USERNAME.
If the plugin isn’t functioning correctly with the proper configuration, the answer is not rig it to work, the plugin needs to be fixed. I can’t really support your configuration, it doesn’t make sense.
Thanks,
Mike
Hi Mike,
Thanks for your responses today, and for all your hard work on this plugin. This is the best SSL plugin I’ve found for WordPress, and I use it on all the sites I build for my clients.
When I enter this SSL Host in Version 3.0.1 on a site with a shared SSL certificate
SERVER_NAME.HOSTING_COMPANY.com/~USERNAME
your plugin removes the /~USERNAME and changes it to
SERVER_NAME.HOSTING_COMPANY.com
I’ll keep testing Version 3.0.1 and Version 2.0.4 and let you know what I find out.
Thanks again,
Fred
Great news!
On one of my sites with a shared SSL certificate, I was able to get everything to work with Version 3.0.1. This site doesn’t have a custom domain name yet, so I used
http://SERVER_NAME.HOSTING_COMPANY.com/~USERNAME
for both the internal site path and the external site URL. So far, so good! Next, I’ll try Version 3.0.1 on a site with a shared SSL certificate and a custom domain name.
More test results!
On another site with a shared SSL certificate and Version 3.0.1, I did everything as before, and everything worked. When I changed both site URLs in General Settings from
http://SERVER_NAME.HOSTING_COMPANY.com/~USERNAME
to
http://www.SITE_DOMAIN.com
everything broke very badly. I lost all graphics on both the front end and the administrative back end. The entire site was displayed as text.
If I use the first (longer) form for the WordPress Address and the second (shorter) form for the Site Address, the entire site breaks almost as badly. I see some icons, but the site is still displayed mostly as text.
When I deactivate the plugin, everything returns to normal. The only way I can get everything to work with a custom domain name is to use Version 2.0.4 with the settings I specified four posts ago.
There’s a reason General Settings let’s you specify two different URLs: so that they can be different. The first URL is an internal name for administrative use, while the second URL is an external name for public use. I need SSL only for the administrative back end.
I have to conclude after exhaustive testing that my settings are correct. Something broke when the plugin went from Version 2.0.4 to the complete rewrite that is Version 3.0.1.
Can we please agree on that?
Thanks,
Fred
Quick Clarification
Mike, I should emphasize that with a shared SSL certificate, I don’t care about using SSL on the front end. I want to use SSL only on the administrative back end.
Shared SSL configurations are more complicated than dedicated SSL configurations because shared SSL certificates are more limited. They’re tied to the domain name of the server, not the domain name of the WordPress site, which means you can’t use shared SSL with a custom domain name. That’s okay. I don’t want to do that anyway! I just want to secure the back end.
To secure the back end, the domain name for the SSL host must be the same as the domain name in the administrative URL for the site. Those are the only things that need to match, and I’ve already taken care of that.
The bottom line is that the configuration needed to secure the back end with shared SSL works in Version 2.0.4 but not in Version 3.0.1.
Can you help me with that, please?
Thanks,
Fred
Plugin Author
mvied
(@mvied)
Hey Fred,
I guess my point is that it shouldn’t be necessary to change your Blog URL. I don’t want my users to have to rely on setting the URL in two places. I would rather it work as intended. I’m more concerned about the URL’s being rewritten incorrectly and breaking stylesheets and other elements when your Blog URL and Site URL are at their defaults. That’s not working as intended.
I’d be more than happy to take a look at it myself and see what’s going on. Often times that’s the only way to figure it out.
Thanks,
Mike
Hi Mike,
Thanks so much for your reply and for your kind and generous offer of help!
With a dedicated SSL certificate, things are much easier because all the URLs can keep their default settings. Unfortunately, that’s just not possible with a shared SSL certificate, especially if you want to use a custom domain name to make the front end URLs look pretty.
The shared hosting plans I use include a shared SSL certificate, and that enables me to secure the WordPress back end without the additional trouble and expense of purchasing a dedicated SSL certificate. My solution worked well for me up through Version 2.0.4, and I’d love to get it working with Version 3 of your plugin. I’ll contact you privately through your website so that we can take our next steps.
Thanks again, Mike. You are a prince among plugin developers!!!
Fred
