seregon

Hi ccolotti.

Needless to say, this was a while ago, so I’m working from memory after re-reading this thread. IIRC, I didn’t have to configure anything in Bluehost. I tried a few things in WordPress, though mostly I ended up reverting them as the WordPress HTTPS plugin fixed everything for me and rendered my changes moot.

The big thing is if you’re trying to use their shared SSL, you have to access your site as in the sample URL I posted above, i.e.:

https://secure.bluehost.com/~username/blog/

where username is whatever you use to login to your cPanel. If you are using the shared SSL, you can’t really get it to work with an add-on domain. That is, it won’t display your domain in the address bar. The only way to do that would be to buy your own SSL cert (which was needlessly expensive in my case).

I can confirm this is fixed for me in 1.9.2, and it’s being more stable in general with my SSL. Excellent, excellent work & many thanks. I have updated the other thread as well.

Incredible. All solidly fixed in v 1.9.2.

Have I mentioned how strongly I recommend the WordPress HTTPS plugin?

Mvied:

No. I forgot to update this a third time, but in fact that was a weird error with cache/cookies. It does now work with or without “Remember Me” checked.

I did eventually deactivate this WordPress plugin, due to a few things not working. But I don’t think that it’s a problem with the plugin (save for maybe one thing), so much as a problem with my extremely limited SSL setup.

I’m a privacy nut and I’d prefer to be on HTTPS more often than not. Performing admin functions over SSL has some appeal to me. But my shared SSL connection is limited by both bandwidth and the rate of individual requests. Preview links, uploading pictures, and several other crucial functions do not work for me over SSL (nor do I believe they ever will under this arrangement).

However, I also can’t seem to just login over SSL (at least encrypting the transmission of my password) and then switch back to unencrypted. Every time I make that switch I’m asked to log in again, period. I can’t do an unencrypted admin session without sending my password unencrypted at least once. That’s disappointing and something I wish I could fix.

Mvied:

That sounds reasonable. Naturally, I’m not all that familiar with WordPress yet or how your plugin works, but your solution sounds intuitively correct. I look forward to the fix, particularly as letting the public on my shared SSL could be somewhat of a security risk.

(The URL for my shared SSL is https://secure.webhost.com/~username/, where that username cannot be changed and can be used for several different kinds of access.)

UPDATE

Temporarily disabling both the Shared SSL options allowed me to set my permalinks back the way I wanted, which continued to “stick” after I re-enabled them.

I’m not sure how permanent this workaround is yet, though it’s working so far. I also don’t suspect this would work if I were using custom permalink settings, because I believe they would be overwritten by the garbage settings I noted above.

It’s also a bit of an annoying workaround if you ARE on SSL, because you have to navigate the dashboard with no CSS unless your browser’s cache saves you!

UPDATE 2

I finally got this sorted out using the WordPress HTTPS plugin [version 1.9.1 on WP 3.2.1]. It has a setting for using a different URL for shared SSL, which is all I need. As an important note, this only works if you check “Remember Me” when you log into Dashboard. Otherwise, you will still have the 404 error.

As an aside, I also tried the Shared SSL plugin, and it did not work. In fact, it appeared to do nothing at all.

Hope this helps someone in the future. I’ll stay following this thread in case anyone else has questions about my experience.

UPDATE

My hosting provider has provided more info to shine some light on this situation. Basically, the conflict is coming from WordPress respecting, in all cases, the setting I have defined for its URL — in my case, the subdomain. In general, this is what I want. It’s certainly what I want readers to see.

But obviously this will not work for a secure (SSL) login. Is there a plugin or something to make WordPress distinguish between the URLs for http & https access?

First of all, thank you for the response.

I am aware of those settings in wp_config.php. As a matter of fact, I’ve already experimented with them. However, it doesn’t address my problem.

As mentioned in my 4th paragraph above, I’m getting 404 errors when connecting over SSL due to automatic redirects used by the shared SSL configuration on my server. Thus, whether I connect over SSL “manually” (by visiting the wp-admin URL over https) or force it with wp_config settings, the reuslt is the same.