I am developing a site that has an SSL certificate. I've activated wp-admin being conducted over https (using define('FORCE_SSL_ADMIN', true); in wp-config.php).

It's created a lot of issues using wp-admin.

1) Whilst doing things in wp-admin I'll regularly get a message saying the session has expired. As far as I can tell, this mostly happens when jumping from one admin page (url) to another page (url).

2) In Chrome I'll often see a little silver shield in the address bar indicating there are "unsafe scripts" the page is trying to load. I have to then manually tell it to load those scripts (I gather these are scripts wp-admin is trying to load over http, rather than https).

3) Some pages load fine with full HTTPS support (no mixed content) and the EV greenbar, etc. But other pages (in admin) will generate mixed content errors. It seems to be that when switching from a URL with mixed content errors over to one with no such errors (or vice versa) this is when the session expiration issue occurs (not 100% sure about that, but certainly looks that way).

On the front end I used whynopadlock to show me which resources were loading over HTTP when using HTTPS, and fixed them (it was simply images in posts, etc.). But since wp-admin requires one to log in, I don't have that option available.

I have two questions:

Q1) Is there a recommended way to get wp-admin to work correctly over SSL?

Q2) What's a recommended way to troubleshoot why wp-admin over SSL is so unstable? (meaning it works on some admin pages, breaks on others, and causes session expiration on others).

Thank you,

Jonathan

Asked Mar 21, 2016 at 1:07 by omega33; edited Mar 21, 2016 at 3:35.

  • Why not turn SSL on for the entire site? – Nathan Powell, commented Mar 21, 2016 at 4:04

3 Answers

You must check all the files you load within the admin pages (including files loaded from plugins); they should be loaded over HTTPS. WordPress takes care of the files it loads itself, but it doesn't control whether you or your plugins load resources over HTTP; you must fix it.

To find the resources loaded over HTTP you can use the Console log of Chrome or Firefox developer tools.

Also, there are some instances of wp-admin that load resources from the front end. For example, the customizer is on the admin side but the preview is an iframe of the front end. If you have SSL only on admin, you can end up with troubles.

The best thing you can do is to use HTTPS in the entire site. It will be more stable, your users will love it and search engines will love it.

Another way to fix this is to enable wp_debug, as it will get you into the WP Admin area, and then you can install the Really Simple SSL plugin and activate... This will help with any mixed-content or session expired warning you're getting on your WordPress website.

WordPress's system uses shared scripts and resources between Backend and FrontEnd; you should not use SSL only for WP-ADMIN. It will create many kinds of unforeseen complications. You can also find the HTTP links by viewing the page source and searching for the string http://.

The best practice is to move the entire site into HTTPS.

  • Make sure WP-Admin/Settings screen is set to https:// for both site links (WordPress Address and Site Address field)

  • You can make a backup of the DB in SQL format - Find and Replace all the occurrences of HTTP --> HTTPS using a text editor then re-upload and overwrite the DB. Please keep a backup of the Original DB.
  • Create/modify apache/nginx config file to redirect all normal HTTP traffic to HTTPS - Here: How to force your site to redirect to https (SSL) or How to Redirect HTTP to HTTPS In Apache & Nginx? (.htaccess & .conf)
  • For any future instance, install the Really Simple SSL plugin - explained here - How To Fix Mixed Content Issue For WordPress

Optional:

If you really want a fast performing HTTPS site, make use of AutoOptimize, WP Fastest Cache and CloudFlare together. Then use WP-Optimize to tackle all the database overhead.
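
The answers above suggest finding HTTP-loaded resources through the browser console or by searching the page source for http://; for wp-admin pages, which sit behind a login, the same check can be run on source saved from a logged-in browser session. The Python sketch below is an added example, not part of the original answers; the scan function, the tag lists and the sample HTML (constructed, with example.test as a placeholder host) are assumptions for illustration.

```python
from html.parser import HTMLParser

# Active content (blocked by browsers on an HTTPS page) vs. passive content
# (loaded, but the page is flagged as insecure).
ACTIVE = {("script", "src"), ("link", "href"), ("iframe", "src"),
          ("object", "data"), ("embed", "src")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}

# Constructed sample: saved source of a wp-admin page (example.test is a placeholder).
SAMPLE = """<html><head>
<link rel="stylesheet" href="https://example.test/wp-admin/css/common.css">
<link rel="stylesheet" href="http://example.test/wp-content/plugins/demo/admin.css">
<script src="http://example.test/wp-content/plugins/demo/admin.js"></script>
</head><body>
<a href="http://example.test/">Visit site</a>
<img src="http://example.test/wp-content/uploads/logo.png">
<iframe src="//example.test/?preview=1"></iframe>
</body></html>"""


class MixedContentScanner(HTMLParser):
    """Collects http:// subresources from the saved source of an HTTPS page."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, tag, url, line number)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # Only rel="stylesheet" links are treated as loads; rel="canonical" etc. are not.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        for name, value in attrs.items():
            url = (value or "").strip()
            if not url.lower().startswith("http://"):
                continue  # https:// and protocol-relative (//host) URLs are fine
            kind = ("active" if (tag, name) in ACTIVE
                    else "passive" if (tag, name) in PASSIVE else None)
            if kind:  # <a href> is navigation, not a subresource load
                self.findings.append((kind, tag, url, self.getpos()[0]))


def scan(html):
    """Return a list of (kind, tag, url, line) for every http:// subresource."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

Entries reported as active are the ones Chrome blocks behind the shield icon; the line number points back into the saved source so the plugin or theme that emitted the URL can be identified.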
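
An added example, not part of the original answer, for the database find-and-replace step listed above: WordPress stores some settings as PHP-serialized strings whose s:N prefix records the byte length, so a plain-text replacement of http:// with https:// leaves N one short and the value no longer unserializes. The function names and the sample value are constructed for illustration, and the code assumes it is given the unescaped value as stored in the database, not SQL-escaped dump text.

```python
import re

_STR_HEAD = re.compile(rb's:(\d+):"')

# Constructed sample: an unescaped PHP-serialized option value.
SAMPLE = (b'a:2:{s:4:"logo";s:32:"http://example.test/img/logo.png";'
          b's:5:"title";s:4:"Demo";}')


def _walk(blob):
    """Yield (token_start, payload_start, payload_end) for each s:N string
    token, raising ValueError if a declared length does not match."""
    pos = 0
    while (m := _STR_HEAD.search(blob, pos)):
        start = m.end()
        end = start + int(m.group(1))  # N counts bytes, as PHP does
        if blob[end:end + 2] != b'";':
            raise ValueError("length mismatch at byte %d" % m.start())
        yield m.start(), start, end
        pos = end + 2  # skip the payload so its contents are never re-parsed


def lengths_ok(blob):
    """True if every string token's declared length matches its payload."""
    try:
        for _ in _walk(blob):
            pass
        return True
    except ValueError:
        return False


def replace_in_serialized(blob, old, new):
    """Replace old with new inside string payloads and recompute each s:N.
    Serialized data stored inside another string is not re-parsed; this
    sketch handles one level only."""
    out, pos = [], 0
    for tok, start, end in _walk(blob):
        payload = blob[start:end].replace(old, new)
        out += [blob[pos:tok], b's:%d:"%s";' % (len(payload), payload)]
        pos = end + 2
    out.append(blob[pos:])
    return b"".join(out)
```

Running lengths_ok on a value after a plain text replacement shows the corruption; replace_in_serialized refuses (raises ValueError) on input that is already inconsistent instead of rewriting it further.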

Tags: Mixed content and expired session issues with SSL and wpadmin