srhoffman

So it may be too late for the OP but for the rest of the internet that cares about this issue…

We were able to resolve this as follows: because we are paranoid and wanted to make sure that if anyone inadvertently went to our wordpress instance over http they’d be redirected to https via mod_rewrite… The problem, though, is that when our default instance of WP was created, the admin used a wordpress address and base address of https://url.of.site instead of https://url.of.site so this module pulls that wp_plugin_url address of http, gets rewritten to https and leaves the post data behind.

We only stumbled on this when I changed the method from post to get in the admin.php file and updated the corresponding vars in test.php to be _REQUEST instead of _POST…the way we have mod_rewrite configure the original URI request is rewritten which, when using a GET method, included the username and password in the string (I AM NOT CONDONING THAT…was just testing). The correct fix for us was to update the general settings of the wordpress urls to be https and it worked immediately.

You could easily verify you have the same issue by verifying if the value of the url in your address bar is an https address but right click and view source of the page and see if it’s trying to submit the form to an http address.

Hope this helps someone!

Steve