Admin-SSL plugin gives problems

  • Hi,

    I’m using Admin-SSL 0.64 with WP 2.3.3 to log in through a secure server but something is not working.

    The server is under my desk, running Debian Etch with Apache2, PHP and MySQL from stable repositories. I’m using a private certificate to connect to squirrelmail that works good, therefore I presume the apache configuration should be OK.

    I created a new stanza for the “Virtualhost *:443” exactly equal to the “Virtualhost*:80”, and if I try to conntect to “https://MYSITE/wp-admin” works fine, except that the borwser complains for non secure contents.

    As long as I activate the plugin I’m not able to connect to the admin directory anymore and the browser complains because “the page is not redirected correctly” (translation from italian).

    I also added the rewrite rules described here without success.

    Anybody may suggest me how to debug the problem?

    Thanks in advance
    Jimmi

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Oh boy, this is going to be a long one.

    First remove the SSL re-write rules. Not needed if you use the Admin SSL plugin and I _think_ they wont work.

    For the new Virtual host *:443 make a dummy directory underneath the document root and put any HTML page there. I use phpinfo.php for that.

    Load that page in your browser and validate that the page works in https. Make sure you duplicate your wordpress section in the new SSL portion and try https://your-wordpress-blog-url-here/

    If that loads your wordpress blog (ignore any insecure portions warning you might get) then SSL is good for your blog.

    Now activate the Admin SSL plugin and that ought to work.

    If you are concerned about the portions of your pages that are loaded as http: and not https: then

    Look at the source of your admin pages after you login using the Admin SSL plugin in and do a search for

    src=http:

    Try disabling all the plugins except Admin SSL and clear your cache on the browser.

    On my blog, the non https portions are loaded from two plugins for loading javascript components. The plugins are Simple Tags and Viper’s Video Quicktags plugin.

    I’m not worried and when I disable those two plugins then even Internet Explorer is satisfied that the page is 100% SSL.

    I hope that helps,

    Jan Dembowski

    Thread Starter Jimmi

    (@jimmi61)

    First remove the SSL re-write rules. Not needed if you use the Admin SSL plugin and I _think_ they wont work.

    For the new Virtual host *:443 make a dummy directory underneath the document root and put any HTML page there. I use phpinfo.php for that.

    Load that page in your browser and validate that the page works in https. Make sure you duplicate your wordpress section in the new SSL portion and try https://your-wordpress-blog-url-here/

    This I tested already and works perfectly

    Now activate the Admin SSL plugin and that ought to work.

    No, it doesn’t ?? The browser hangs for some 20-30 seconds then the same error.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Weird. I’ve had very few problems with that plugin. Are there any messages is Apache’s error_log? And do you see the wp-admin/login.php in the access_log?

    The only thing that sounds different for my setup is that I’m using <VirtualHost _default_:443> in my apache conf file.

    Can you enable the plugin and try this:

    telnet your webserver on port 80 and tee the output to a file (telnet your-server 80 | tee log.txt) and type

    GET /blog/wp-login.php HTTP/1.0

    This is if your blog is off of /blog. Hit enter twice and you should get some text.

    If you look at the log.txt file you should see

    HTTP/1.1 301 Moved Permamently

    at the top. If that happens then the first part of the plugin is working.

    Now please disable the plugin by moving the admin-ssl.php file out of wp-content/plugins.

    On my system I can run https://blogurl/wp-admin/ without the plugin.

    Does that work and generate log file entries?

    Thread Starter Jimmi

    (@jimmi61)

    No errors in the errors.log

    With the plugin active I may still reach the login page, either http-https://mysite/wp-login.php, the problems start after pressing the login button.

    I changed *: to _default_: in any stanza, 80 or 443, without apparent changes.

    telnet your webserver on port 80 and tee the output to a file (telnet your-server 80 | tee log.txt) and type

    GET /blog/wp-login.php HTTP/1.0

    Gives me “HTTP/1.1 200 OK”. When I try to access the admin console I get in access.log:

    “GET /wp-login.php?action=logout HTTP/1.1” 302 – “-” “Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080213 BonEcho/2.0.0.12”

    Now please disable the plugin by moving the admin-ssl.php file out of wp-content/plugins.
    On my system I can run https://blogurl/wp-admin/ without the plugin.
    Does that work and generate log file entries?

    Yes. it does, but always complains for non protected contents. Is this as safe as running the plugin?.

    Thanks again for your help
    Jimmi

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Well I don’t know why the Admin-SSL plugin is not working but the non-protected content should be okay depending on what it is.

    Looking at your page source after you login to the admin page should tell you what portions are not SSL. Search for src=”http: to see it.

    I’ve never captured traffic from the blog using SSL but if you run the command “tcpdump -w file.pcap” while admining your blog and then load that file into Ethereal then you should be able to see whats being transmitted in the clear.

    Good luck,

    Jan Dembowski

    zebmacahan

    (@zebmacahan)

    Greetings!

    May we add another problem we are experiencing with the two software versions in this thread, i.e. WordPress 2.3.3 and Admin-SSL 0.64. We cannot login, but get the error message: “ERROR: WordPress requires Cookies but your browser does not support them or they are blocked.”

    Any suggestions on a remedy (other than simply deleting the admin-ssl.php file and do a non SSL login). ??

    Best Regards

    //ZM

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Admin-SSL plugin gives problems’ is closed to new replies.

Tags