2

I'm setting up my first Wordpress site, and having a bit of an issue with SSL in the admin. I've got my certificate, and added define('FORCE_SSL_ADMIN', true); to the appropriate place in wp-config.php

When I log into the admin via the https link, it works, but Chrome tells me that certain resources are not secure. Using the Chrome Developer Tools, I found it was the following:

The page at https://{mysite}/wp-admin/options-general.php?settings-updated=true displayed insecure content from http://{mysite}/wp-content/plugins/the-events-calendar/resources/events.css?ver=1.6.5.
The page at https://{mysite}/wp-admin/options-general.php?settings-updated=true ran insecure content from http://{mysite}/wp-content/plugins/the-events-calendar/resources/events.js?ver=3.1.1.

Looks like the "The Events Calendar" plugin doesn't quite respect the SSL setting.

I've tried configuring both WordPress address (URL) and Site address (URL) in the admin to https://{mysite}, and while this fully fixes the problem in the admin, it then causes similar secure content errors on the main site. I don't particularly want the main site running via SSL, so I'm not a fan of this option.

The site is installed at Dreamhost, using their "one-click install" system. The .htaccess file it created is:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

I have a feeling that the proper fix will require modifying the .htaccess, but I'm a little hesitant to do that as I don't want to potentially break the automatic update system that Dreamhost has for Wordpress sites.

Thanks in advance.

EDIT:

The "WordPress HTTPS" plugin seems to have solved all my problems.

Jay P.
  • 651
  • 3
  • 11

1 Answers1

0

What about modifying that plugin so it loads the js and css files from within the secured folder (wp-admin I guess)?

Those two files are loaded by the plugin in the file the-events-calendar.class.php, line 471, function loadDomainStylesScripts(). If you change the definition of the $eventsURL variable you should be done. This is what the plugin does:

$eventsURL = trailingslashit( WP_PLUGIN_URL ) . 
             trailingslashit( plugin_basename( dirname( __FILE__ ) ) ) . 
             'resources/';

And you will need something like:

$eventsURL = '/wp-admin/events-calendar-resources/';

If you create that folder yourself (and you will have to) I guess the automatic WP update won't remove it (but it is just a guess).

AJJ
  • 7,365
  • 7
  • 31
  • 34
  • But then that breaks automatic updating of the plugin. If this is just a bug and that's the only way to do it, then fine. But it feels wrong. Do people not normally use SSL for the Wordpress admin? Or is it at least not common enough to warrant plugin authors doing things correctly? – Jay P. Apr 14 '11 at 20:43
  • As far as I know, it is not usual to use SSL for Wordpress. I have never been asked to do it at least. If you have SSH access to your hosting account, what about moving the plugins folder inside the wp-admin and leaving a symbolic link in its place? I've never done it, but it should work as far as I can see, even for the WP auto updates or plugin updates, they should follow the symlink. – AJJ Apr 14 '11 at 20:52