Hawk30100

The problem is that some browsers block connections if you want to load some files from a different domain.

My htaccess had a rewrite rule to forward requests for the wp-login.php to a HTTPS address. I wanted to prevent that it’s possible to establish non-secured connection to the admin login.

Disabling the rewrite for HTTPS-force in my .htaccess file solved the problem. But I guess it would be more secure for my website to force https.. Unfortunately I still don’t get it why your plugin needs access to the wp-login.php.

I just remembered that I secured the access to wp-admin folder with a .htpasswd file.

I have a question, why does your plugin need access to the wp-login.php?

Now I get the following error message:
XMLHttpRequest cannot load https://ssl.webpack.de/smokelowandslow.com/wp-login.php. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘….com’ is therefore not allowed access.

My provider offers me a SSL-Proxy that I’m using for the backend login.
I guess the prevention of the domain mix is a security feature to protect the user. Do you know a solution for that problem? I guess it should have the same problem without a ssl-proxy. https and http mix should be prevented as well.

Thanks for your fast answer.

https://www.smokelowandslow.com/leave-a-message/