Forced Secure Admin in Production
-
I have a WordPress site running on App Engine with a custom domain. As soon as I activated this plugin, I was shown “SSL connection error”. I had not activated SSL for my domain and wasn’t planning to. I noticed the plugin contains the following lines in the Core module,
add_filter( 'secure_auth_redirect', '__return_true' ); force_ssl_admin( true );Once I commented out these lines and reuploaded the plugin, I was good to go. Obviously this isn’t ideal from a security standpoint, but it would be great if this requirement was either removed or included in the documentation. Also I thought I would mention that the tutorial, “Running WordPress in AppEngine” includes “secure: always” next to the url handlers for admin pages.
- The topic ‘Forced Secure Admin in Production’ is closed to new replies.
