SSL and new Update

It seems that with each thing I fix, I always break something else… ??
What was the last version for which it worked?
Could you activate the plugin again, rename to /login and give me a link? Or confirm that that link in the <form> tag is http and not https?

Last version for which it worked is WordPress 3.8.1 + Rename wp-login.php 2.1 ( unless you published two updates this monday. :p ).

My form :

<form name="loginform" id="loginform" action="https://www.0x0ff.info/login/" method="post">
	<p>
		<label for="user_login">Identifiant<br />
		<input type="text" name="log" id="user_login" class="input" value="" size="20" /></label>
	</p>
	<p>
		<label for="user_pass">Mot de passe<br />
		<input type="password" name="pwd" id="user_pass" class="input" value="" size="20" /></label>
	</p>
		<p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever"  /> Se souvenir de moi</label></p>
	<p class="submit">
		<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="Se connecter" />
		<input type="hidden" name="redirect_to" value="https://www.0x0ff.info/wp-admin/" />
		<input type="hidden" name="testcookie" value="1" />
	</p>
</form>

2.1? The latest version is now 2.2.2 ??

It worked with 2.1 but It not working with 2.2.2, it’s what I meant. ??

I am having the same problem with SSL. It started when I updated to v 2.2.2. I did not deactivate the plugin. I chose instead to revert to an earlier version.

I am offering the following observations to help shed light on the problem:

With v. 2.2.2, I was able to connect to the hidden login page via SSL. After logging in to an insecure admin page(I disregarded the encryption warning), I was only able to use http (non-ssl) in the admin area. If I tried to use SSL I would receive the error message ‘You must log in to access the admin area.’ I discovered this by replacing http with https in the admin area, e.g. https://www.mydomain.com/wp-admin/plugins.php.

To fix this problem, I deleted the Rename wp-login folder from my server and uploaded and activated v 2.2.1 from the list on your developer tab. This version did not work at all. It would not allow me to log in via SSL.

I deleted the v. 2.2.1 plugin folder from my server and tried v 2.2, which did not work either. Then, I uploaded and activated v 2.1.1. Now the plugin is working properly again.

This plugin has been invaluable in preventing brute force attacks on my blog so I intend to use v 2.1.1 until there is a fix for the SSL problem.

Okay, I’ll look for the problem and I’ll try to fix this today. Sorry for the inconvenience.

So based on @0x0ff.info’s form it seems like the URL in the action attribute doesn’t filter properly and is http and the page you’re on is https? Could you try to replace the http with https in the action attribute on the form and see if that works? Thanks.

Found the problem. I’ll update asap.

I don’t know about @0x0ff’s site, but I can’t get SSL to work. My form has https in the action attribute but after logging in it doesn’t stay as SSL. If I click on a link to view another admin page it reverts to non-SSL and I get locked out of my blog.

ETA: I didn’t see your post about finding the problem. I’ll just update when you’ve fixed this.

I think 2.2.3 fixes your problem. Let me know if it works! ??

Unfortunately, I’m still having the same problem with 2.2.3. I can access my hidden login page via SSL, but when I log in, I get the warning about unencrypted data followed by the message telling me that I must login to use the wp-admin area.

I would like to know whether 0x0ff.info (or anyone else who’s having this problem) was able to get v 2.2.3 to work.

I don’t really know what could be causing the problem then. Would it be possible to take a look at your website? You can always mail me to my name without spaces at gmail dot com.

In the form, if a replace :
<form id="loginform" method="post" action="https://www.0x0ff.info/login/" name="loginform">
by :
<form id="loginform" method="post" action="https://www.0x0ff.info/login/" name="loginform">

It’s seems good to me. Perhapse you could check if the login page is HTTP or HTTPS and display the proper form ? ??

So the update didn’t fix your form either? Weird. No, I should really fix this, but I don’t know what’s causing this. I’ll look into this further…

Any update on this? I realize it’s only been a couple of days since your last response, but I wanted to let you know it’s affecting multiple sites I manage as well … version 2.2.3.

Great plugin, by the way! Thanks for creating it.