Can't login to sub-directory site

What’s in your .htaccess? Yes, I know you didn’t touch it. What’s it got?

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

# Added 21 April 2011 at 1035
# If the user is using https and/or port 443, and not trying to
# login or use the admin pages, then redirect the user to the
# non-secure port 80.
RewriteCond %{SERVER_PORT} ^443 [OR]
RewriteCond %{HTTPS} on
RewriteRule !^(wp-admin|wp-login)(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
# Default rules from WordPress
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule  ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule  ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]

# END WordPress

What happens if you take out the 443 redirect? Just as a test?

I will try to remove the 443 redirects as soon as I can.

The other thing to look into is what SERVER updates have been made in this time.

In the wp-config.php, if I change this line:

define(‘FORCE_SSL_ADMIN’, true);
to
define(‘FORCE_SSL_ADMIN’, false);

then I can see the login page and I can use the “Backend” link as a network admin.

Larry

Did your server make changes to SSL?

No, no changes were made to the server. I am the only person that ever logs into the machine and I know I didn’t do anything with the server.(I know, you heard that line before.) I did look at an fopen issue, but I put eveything back the way it was before I started posting here. Once something is working, I try to leave it be. I know that the security certs are due to expire in October but I don’t see the connection betweeen something that will expire in the future and something that is not working now.

Based on my above post, at least I know the trouble is related to a security thing. I also received a suggestion about looking at our AD Integration plugin. It is an older version and should be updated.

If it is truly a security issue, why doesn’t the page display and then give security errors or warnings? Why would the browser just decide to not display the login page? Anyway, my problem now is to get the instances working again.

If it is truly a security issue, why doesn’t the page display and then give security errors or warnings? Why would the browser just decide to not display the login page? Anyway, my problem now is to get the instances working again.

Hard to say without looking at server logs and error logs.

So, does anyone know why this line,

define(‘FORCE_SSL_ADMIN’, true);

works for the top level site but does not work with subdirectory sites?

Huh. I’m only using it for subdomains (works fine).

Spinning up a tester!

I think I may have found the trouble. Once some users confirm things are working, I will post the solution here.

Larry

Here is the solution for my trouble.

In the htaccess file was this section:
RewriteCond %{SERVER_PORT} ^443 [OR]
RewriteCond %{HTTPS} on
RewriteRule !^(wp-admin|wp-login)(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

The beginning-of-line anchor in the rewrite file causes an infinite loop when using subdirectory sites. This is because wp-admin or wp-login is no longer at the beginning of the line when using subdirectories.

I removed the caret that follows the negation sign and everything seems to be working correctly.

Larry