Comments on: WordPress SSL Plugin Secure-Admin patched and working!

By: Jan Dembowski

Jan Dembowski — Fri, 12 Jan 2007 13:36:25 +0000

I will kick this around, but on my wp 2.0.6 installation is looks like it works.

Much thanks! I always wanted SSL admin in Wordpress!

By: Haris

Haris — Fri, 12 Jan 2007 13:43:07 +0000

You’re welcome! Glad to hear it’s working

By: Juergen Kreileder

Juergen Kreileder — Fri, 12 Jan 2007 15:54:18 +0000

Haris, thanks for the pointer! I didn’t follow the secure-admin development.

By: Haris

Haris — Fri, 12 Jan 2007 16:01:14 +0000

Hi Juergen, no probs.

I’ve been using your blog to learn about WordPress and Linux in general, cheers for dropping by!

By: CIO Jerry

CIO Jerry — Sat, 13 Jan 2007 03:34:05 +0000

This won’t work when you happen to have your blog as a name-based virtual host in Apache or elsewhere. Once you activate the plugin, you won’t be able to access the /wp-admin/ page to deactivate it. To fix, simply removing the plugin php file off the /wp-content/plugins directory, then hit ‘reload’ on the browser.

By: Haris

Haris — Sat, 13 Jan 2007 10:06:32 +0000

Yes, an SSL setup using a name based virtual host that does not have an equivalent URI to the unsecure site will not work.

The plugin translates addresses by simply changing ‘http’(://unchanged.com) to ‘https’(://unchanged.com)

Thanks for bringing that up Jerry

By: Don

Don — Mon, 15 Jan 2007 02:14:22 +0000

Your analysis of securing the wp-admin is dead on. I ran into the same problem you described and was delighted to see someone else ran into the same limitations with the other plugins and options.

Your plugin resolved my situation. Just wanted to say thank you very much!

By: Haris

Haris — Mon, 15 Jan 2007 09:54:44 +0000

Glad it’s working well for you Don!

It’s also reassuring for me to know that others have experienced the same issues.

Makes it all the more worthwhile to make a solution available.

By: Haris

Haris — Tue, 16 Jan 2007 20:29:23 +0000

Just installed WordPress 2.0.7 and briefly tested with the plugin. Seems OK!

If anyone experiences any issues please post a comment.

By: Sam

Sam — Wed, 17 Jan 2007 15:16:27 +0000

Does this plugin do anything besides rewrite URL’s? If not, wouldn’t simply setting the WordPress address to https://yoursite.com/wp and the Blog address to http://yoursite.com/wp achieve the same thing? Everything *appears* to go over the SSL link, but maybe there’s something I’m missing on the backend…

Also, this plugin does not work when installed into the plugins directory of wordpress that’s available in the Debian repositories (2.0.6). After activating the plugin, every page it returns is an empty page, and the only way to get back in is to delete the plugin.

By: Haris

Haris — Wed, 17 Jan 2007 18:22:40 +0000

Hi Sam,

>>> Does this plugin do anything besides rewrite URL’s?

Rewriting URLs is a minor feature of the plugin. There’s much more happening on the backend.

I don’t know if you have a facility to stack trace the server calls. If you have, simply call the login page in https (without the plugin) and login. Watch what happens on the backend, there are http calls all over the place. The plugin takes care of this.

The plugin ensures that other elements of the page are also re-written to https, therefore avoiding the mixed content warnings that one gets from the browser when https pages containing http elements are loaded.

The login page is in the same directory as the blog. Therefore you cannot simply apply https to the admin folder as the transfer of login details would be happening on the http side. The plugin takes care of this.

The plugin also ensures cookies are forced over SSL. Cookie contents are scrambled and so anyone trying to view cookies with the intention of stealing user details see gibberish.

>>> This plugin does not work when used with a Debian repository install of Wordpress 2.0.6

Thanks for the info, unfortunately I don’t have Debian Linux setup to run a test. You might want to try out a manual installation of the current stable release, 2.0.7. which should work fine.

Hope that helps.

By: Freakitude Technology Blog » Blog Archive » Hot Picks - January 18, 2007

Thu, 18 Jan 2007 13:49:44 +0000

[…] WordPress SSL Plugin - Secures wp-admin/wp-login using an available Private SSL certificate. Encrypts cookie contents. […]

By: al:x

al:x — Mon, 22 Jan 2007 20:45:00 +0000

Hello,

I was looking for this plugin for a long time already. Until now I was playing with some custom rewrite rules, which didn’t work that great.

However, I have a problem if used together with the gallery plugin (see http://wpg2.galleryembedded.com/index.php/Main_Page). However, if I add the tag to include a picture in one of my posts, the preview on the edit page remains blank. If I remove the tag again, the preview works perfect.

Anybody seen this before?

al:x

By: Haris

Haris — Mon, 22 Jan 2007 23:09:55 +0000

Just installed and tested the latest stable release of WordPress 2.1(Ella) released 30mins ago. The plugin seems to be holding up!

I haven’t run any extensive tests so if anyone experiences any issues please post a comment.

PS. @ Al:x; just sent you an email.

By: al:x

al:x — Tue, 23 Jan 2007 21:10:49 +0000

Ok, I guess I found the cause of my problem. php_value memory_limit was not set in the SSL virtual host config (for the gallery plugin this needs to be at least 16M). As by your plugin everything was forced over SSL now, this abviously became a problem.

By: FinD

FinD — Thu, 25 Jan 2007 16:53:10 +0000

I just installed the plug in into WordPress 2.0.7 and am getting the following error on activation

[www.domain.com] has sent an incorrect or unexpected message. Error Code -12263.

By: blog:x » Blog Archive » sicherheit

blog:x » Blog Archive » sicherheit — Thu, 25 Jan 2007 19:21:43 +0000

[…] Nachdem ich mit meinem rewrite hack mehr schlecht als recht secure-ge-wordpressed habe, habe ich nun mit Hilfe des gepatchten Secure Admin Plugins einen auf den ersten Blick deutlich eleganteren Weg. […]

By: Haris

Haris — Thu, 25 Jan 2007 20:15:09 +0000

Hi FinD,

WordPress 2.0.7 should work fine.

Error 12263 points to a problem with the SSL setup on the server.

“SSL received a record that exceeded the maximum permissible length.”

This generally indicates that the remote peer system has a flawed implementation of SSL, and is violating the SSL specification.

If you are running your own web server the following will help:

http://www.helicontech.com/forum/forum_posts-TID-6150.htm
http://www.howtoforge.com/forums/showthread.php?t=9665
http://virtuemart.net/index.php?option=com_smf&Itemid=71&topic=24508.0

If you are on a hosted server this is an issue your host should resolve for you.

To de-activate the plugin whilst you resolve the issue simply delete it from the /plugins/ directory.

By: Wordpress Secure-Admin Plugin at fredericiana

Wordpress Secure-Admin Plugin at fredericiana — Sun, 28 Jan 2007 22:37:18 +0000

[…] After a little research however I found the Wordpress Secure Admin Plugin which is infinitely easy to install and does exactly what it should: It makes sure all URLs in the admin interface are HTTPSed, re-enabling me to log into my blog encryptedly. It also encrypts the login cookie now, reducing the risk of session hijacking. […]

By: felixtriller.de » https zum letzten…

felixtriller.de » https zum letzten… — Wed, 07 Feb 2007 19:22:13 +0000

[…] jetzt davon abgewendet von einer permanenten Verschlüsselung Gebrauch zu machen. Das Plugin Secure-Admin hilft einem wenigstens das Backend sicher zu […]

By: Siberia » Blog Archive » Wordpress 2.1

Siberia » Blog Archive » Wordpress 2.1 — Sat, 10 Feb 2007 15:38:43 +0000

[…] Well, the title is pretty self-explanatory. I’ve updated wordpress to version 2.1. It holds some pretty good new stuff, mostly in the admin area. One thing which I found lacking was ssl support in the admin area. The problem was quickly solved by using the secure-admin plugin. Can be found here: http://haris.tv/2007/01/11/wordpress-ssl-plugin-secure-admin-patched-and-working/ […]

By: Lopo

Lopo — Thu, 15 Feb 2007 06:28:31 +0000

Hi,

Nice plugin. Thanks a lot.

Does this work with WordpressMu?

Best

By: Haris

Haris — Thu, 15 Feb 2007 11:01:06 +0000

Hi Lopo, thanks, you’re welcome,

I have never worked with MU so can’t say.

Someone else may have though?

By: Amadeo

Amadeo — Tue, 20 Feb 2007 00:40:39 +0000

Hi…

Will this plugin work with a shared SSL certificate?

Thanks.

By: Haris

Haris — Tue, 20 Feb 2007 08:16:50 +0000

No, you need a private SSL certificate in order to use the plugin.

Before activating the plugin, you can test if you have the correct setup by typing in your blog address with https instead of http.

If the browser displays your site, you can use the plugin, if it doesn’t, you don’t have the correct setup.

By: Doug

Doug — Fri, 23 Feb 2007 09:34:32 +0000

I found it would not work on my wordpress blog hosted on lunarpages. Could anyone recommend a hosting service to me that I could easily use this SSL plugin? Are there hosting services that have the certificate as part of the deal. I need this so badly but am not sure what host or services to get the thing working. thanks.

By: Haris

Haris — Fri, 23 Feb 2007 10:33:15 +0000

Doug,

Looking at Lunarpages, I don’t see that any of the plans include a private SSL certificate as standard. The business plan includes ‘Free SSL Installation’ but this doesn’t mean that they include the certificate.

this should help:
http://desk.lunarpages.com/faq.php?do=article&articleid=51

Also bare in mind that you need a private(or personal) SSL certificate NOT ’shared’.

By: Diana

Diana — Fri, 23 Feb 2007 16:16:13 +0000

Doug,

I use Lunarpages, and we have an SSL certificate purchased from Thawte. It works just fine with this plugin. You need a privately purchased SSL certificate.

By: Brady J. Frey

Brady J. Frey — Thu, 08 Mar 2007 22:34:21 +0000

Just noting, it seems to work just fine on the current wordpress, using it on my e-commerce site

thanks for the great plugin:)

By: My-WhiteBoard’s Favorite WordPress plugins | my-whiteboard

My-WhiteBoard’s Favorite WordPress plugins | my-whiteboard — Sat, 10 Mar 2007 01:12:45 +0000

[…] Secure Admin […]

By: alon

alon — Sat, 07 Apr 2007 00:32:59 +0000

Hello, My domain.com site is hosted on a shared hosting plan. the hosting company allows us to use a shared certificate (assigned to the server DNS name - servername.domain.com). So if i want to access my site over SSL i can use https://server.domain.com/accountname versus http://mydomain.com. Would it be possible to make this plugin work with two different URLs, one used for HTTP and the other for HTTPS.

By: Haris

Haris — Mon, 16 Apr 2007 12:58:29 +0000

For anyone that previously experienced a blank screen with PHP 5.2.1, this has now been resolved.

For those that are interested; the problem was due to a change in PHP 5.2 that causes a fatal error in cache.php (any wordpress plugins that pass content through a filter will also suffer the same fate).

I’ve implemented a fix that forces the cache flushing before the termination of the object.

The current version is now 0.2 (59)

Enjoy!

By: Haris.tv » Secure-Admin now supports Shared SSL!

Haris.tv » Secure-Admin now supports Shared SSL! — Thu, 19 Apr 2007 15:54:24 +0000

[…] modify the Secure-Admin code to cater for those that wanted to add SSL security without the need for extra requirements […]

By: Haris

Haris — Thu, 19 Apr 2007 16:34:02 +0000

I’ve just uploaded version 0.2(60) of Secure-Admin that now supports Shared SSL setups as well as Private SSL.

The setup is identical as it was before but with the addition of an extra step for Shared SSL setups.

The code is written to allow for any type of Shared SSL url.
The following are examples:

To define the url provided by your host simply populate the variable $secure_url in secure-admin.php with the address.

Please ensure that the address includes the root wordpress folder. eg:

$secure_url=”https://shared_ssl.com/username/wordpress/”

@alon, Enjoy!

By: Jon

Jon — Sat, 21 Apr 2007 05:36:07 +0000

Works Great! Thanks for taking care of the cache issue with PHP 5.2

By: Die besten WordPress Plugins - Administration » Tipps zur Suchmaschinenoptimierung

Sat, 21 Apr 2007 14:22:46 +0000

[…] Admin SSL / Secure-Admin Plugin Secures wp-admin/wp-login using an available Private or Shared SSL certificate. […]

By: Paul

Paul — Sat, 26 May 2007 10:26:02 +0000

Hi Haris,
Thanks for you expertise on this plugin. I have installed the latest from your site and I’m still getting an error of “You don’t have permission to access /wp-admin/ on this server”. Are there any additional steps that needs to be done by me?

By: Haris

Haris — Sat, 26 May 2007 10:56:59 +0000

Hi Paul,

First of all it’s important to determine whether you are setup for using the plugin.

With the plugin de-activated, you should be able to access your blog using a https:// prefix. clicking on any links will return you back to http:// but at least you can determine whether the https:// counterpart is setup.

I suspect that you will get the same message without the plugin. This may be due to your permission settings with your host.

If you still can’t resolve it, contact me via the contact form and I’ll try to help you further. If you include any IM details we can have a live chat.

Haris

By: New Improved Musings

New Improved Musings — Sat, 02 Jun 2007 02:39:17 +0000

Encrypting WordPress Administration…

I’m not overly concerned about the security of this blog. There is no mission critical data here, but I am interested in encryption and using SSL. It makes sense to me, to force all use of the wordpress administration interface over SSL. I tho…

By: BlogSecurity » http versus https

BlogSecurity » http versus https — Sun, 16 Sep 2007 00:12:20 +0000

[…] with your hosting provider to see if your blog supports SSL, then you can use the WordPress Admin SSL plugin to ensure that you always access your admin panel over an encryped […]

By: Wordpress SSL Admin plugin (patched) | Mostly Harmless

Wordpress SSL Admin plugin (patched) | Mostly Harmless — Wed, 26 Sep 2007 02:58:19 +0000

[…] at Haris.tv this gentleman fixed the plugin and released a patch version of it which works with 2.0.6 as well […]

By: pawan

pawan — Fri, 04 Apr 2008 22:19:44 +0000

I worked for me as well. Thank you very much.

By: Haris.tv

Haris.tv — Sat, 23 Apr 2022 08:37:06 +0000

Unlimited Proxies…

I found a great……

By: Haris.tv

Haris.tv — Sat, 21 May 2022 17:57:05 +0000

Resell Proxies…

I found a great……

By: zoomacasino-zar.top

zoomacasino-zar.top — Sat, 09 Nov 2024 14:43:21 +0000

zoomacasino-zar.top…

Haris.tv » WordPress SSL Plugin Secure-Admin patched and working!…

Comments on: WordPress SSL Plugin Secure-Admin patched and working!

By: Jan Dembowski

By: Haris

By: Juergen Kreileder

By: Haris

By: CIO Jerry

By: Haris

By: Don

By: Haris

By: Haris

By: Sam

By: Haris

By: Freakitude Technology Blog » Blog Archive » Hot Picks - January 18, 2007

By: al:x

By: Haris

By: al:x

By: FinD

By: blog:x » Blog Archive » sicherheit

By: Haris

By: Wordpress Secure-Admin Plugin at fredericiana

By: felixtriller.de » https zum letzten…

By: Siberia » Blog Archive » Wordpress 2.1

By: Lopo

By: Haris

By: Amadeo

By: Haris

By: Doug

By: Haris

By: Diana

By: Brady J. Frey

By: My-WhiteBoard’s Favorite WordPress plugins | my-whiteboard

By: alon

By: Haris

By: Haris.tv » Secure-Admin now supports Shared SSL!

By: Haris

By: Jon

By: Die besten WordPress Plugins - Administration » Tipps zur Suchmaschinenoptimierung

By: Paul

By: Haris

By: New Improved Musings

By: BlogSecurity » http versus https

By: Wordpress SSL Admin plugin (patched) | Mostly Harmless

By: pawan

By: Haris.tv

By: Haris.tv

By: ﻿﻿zoomacasino-zar.top

By: zoomacasino-zar.top