[Plugin: WordPress HTTPS (SSL)] Activating 3.1.1 causing Fatal Error

Yippee!
It works!
Code geeks like you get my greatest respect.

Couple minor things you probably already know about:

“SSL Admin – FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.”
This warning now appears every time you save the settings, whether ‘Force SSL Administration’ is checked or not.

Some of the css in admin need to be fixed so explanations are moved further away from the checkboxes.

The Force SSL Admin bug doesn’t happen to me. The code that throws the error looks like this.

if ( force_ssl_admin() || force_ssl_login() ) {
	$errors[] = '<strong>SSL Admin</strong> - FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.';
	...

So the only way the error would show up is if WordPress is returning true for either of those built-in functions. So, you must have one of them enabled somewhere.

You are right.
If my wp-config.php is set:

/** Force Admin login to SSL. */
define(‘FORCE_SSL_LOGIN’, true);
define(‘FORCE_SSL_ADMIN’, true);

then the ‘Force SSL Administration’ checkbox is greyed out, (and the error appears).
With v2.0.4, this used to be checked & greyed out, but the error message did not appear.

Delete these lines from wp-config, the error message doesn’t show, and WordPress HTTPS can then be used to force both login & admin over SSL.

But I like to have:
/** Force Admin login to SSL. */
define(‘FORCE_SSL_LOGIN’, true);
define(‘FORCE_SSL_ADMIN’, false);

This is because SSL is slower, and there are too many unsecured elements on my admin page (the plugin ‘Wordfence’ also locks me out because of too many 404s).
But I do prefer my login details being sent encrypted (in Opera; you sometimes see the padlock symbol just momentarily – as you login).

As a feature request; perhaps you could add another checkbox: ‘Force SSL Log In only’

People like me could then choose either: ‘Force SSL Log In only’ or ‘Force SSL Administration’ (without having to fiddle with their wp-config file)

Is this feasible?

Sure, I could add it. Nobody’s asked is really the only reason it’s not there.

Upon further inspection, FORCE_SSL_ADMIN is the only option that conflicts with the plugin anyway. I’ll just remove the warning for FORCE_SSL_LOGIN.

Thanks Mike,

looking forward to the next version release!

Re-download the development version and let me know if that does the trick.

Yep,
Works perfectly – this ones a thumbs-up from me!

Now, if I set my wp-config file as:
define(‘FORCE_SSL_LOGIN’, true);
this shows as greyed out and checked in WordPress HTTPS.

However; if I have: define(‘FORCE_SSL_ADMIN’, false); in wp-config, this is not recognized (and will be over-ruled by) whatever you set here in WordPress HTTPS.

Purists may disagree; but this is completely acceptable by me!

But for sure someone is going to ask: “what should I use – SSL Login or SSL Admin?”
Answer: https://codex.www.ads-software.com/Administration_Over_SSL

Which Should I Use?
FORCE_SSL_LOGIN is for when you want to secure logins so that passwords are not sent in the clear, but you still want to allow non-SSL admin sessions (since SSL can be slow).
FORCE_SSL_ADMIN is for when you want to secure logins and the admin area so that both passwords and cookies are never sent in the clear. This is the most secure option.

But then: “how do I know my login details are sent encrypted when I check: Always use HTTPS when logging in?”
Or: “I can’t see any padlock symbol when I login”.

I have to admit: it would be cool if the plugin could show the padlock symbol where you login, but then took you to the http page in admin.

Past me bothering about, but perhaps for a future release?
https://www.thatsgeeky.com/2012/01/wordpress-ssl-login-page-without-ssl-admin/

Are you saying that your login page is showing up with insecure items? The intent of the plugin is to fix them, but you have to manually fix what it can’t fix.

Naa Mike,
You got me wrong –
That last was simply another hypothetical question someone is sure to ask:

But then: “how do I know my login details are sent encrypted when I check: Always use HTTPS when logging in?”
Or: “I can’t see any padlock symbol when I login”.

This is dicussed at some length here:
https://www.thatsgeeky.com/2012/01/wordpress-ssl-login-page-without-ssl-admin/

For my 2 cents worth: I couldn’t be bothered with this – your latest dev. version is good enough!

Oops! spoke a bit soon.

If I have my wp-config set: define(‘FORCE_SSL_LOGIN’, true);
then this option simply shows as greyed out and checked in WordPress HTTPS – this is correct.

But if I have: define(‘FORCE_SSL_LOGIN’, false); (or this field totally removed) in my wp-config;
Then if in WordPress HTTPS I check the box: “Force SSL Login – Always use HTTPS when logging in”, this box does not stay checked when I refresh my browser.

A minor glitch – to be sure.