內容簡介
此外掛確保在主網域名稱的子網域上總是透過 SSL 登入,但是自訂網域的存取則總是透過 HTTP,以避免憑證錯誤。適用於 WordPress Multisite。
WordPress 的內建指令 FORCE_SSL_LOGIN 和 FORCE_SSL_ADMIN 可以在 wp-config.php 中使用,但是在你擁有自訂網域且無法獲得 SSL 憑證的情況下,這些指令會變得太過嚴格。對於自訂網域的網站,我們需要確保登入和管理存取發生在可以正確使用 HTTPS 的子網域上。
此外掛會過濾 WordPress 用來產生內部連結的登入、登出、首頁和管理頁面 URL。我們需要這麼做是因為:假設我們有一個名為 mynetwork.com 的 WordPress Multisite 網路。我們買了一個豪華的 SSL 泛域名憑證,所以我們可以提供 * .mynetwork.com 的安全連線。我們很希望所有登入和管理存取都可以在此安全連線上進行。我們允許這個網路上的網站使用自訂網域,例如 demo-site.com。我們可能會使用 WPMU Domain Mapping 來實現這一點,因此這些網站有兩個網域:demo-site.com 和 demo-site.mynetwork.com。假設我們啟用了 FORCE_SSL_LOGIN 或 FORCE_SSL_ADMIN,這樣會有一個問題。當使用者前往 https://demo-site.com/wp-login.php 時,他們會收到憑證錯誤。我們可以為 * .mynetwork.com 準備通配符憑證,但是我們不可能為所有自訂網域安裝有效的 SSL 憑證!因此,我們要強制讓所有登入和管理頁面為 https://demo-site.mynetwork.com/wp-admin/…,把所有其他存取方式改用 http://demo-site.com/…,此外掛會重新編寫 wp-login(包括登出)和 wp-admin 的 URL,使之符合這個範例。注意,此外掛對 WordPress Multisite 網路做了一些(愚蠢的)假設。請確保這些假設在你的網站上成立,否則此外掛可能會產生意外的後果。
外掛標籤
開發者團隊
原文外掛簡介
Ensures logins are always done via SSL on a subdomain of the master domain, but that access to custom domains are always done over HTTP, to avoid certificate errors. For WordPress Multisite.
WordPress’ built-in FORCE_SSL_LOGIN and FORCE_SSL_ADMIN directives in wp-config.php work great, but are too restrictive in situations where you have custom domains — custom domains for which you cannot have SSL certificates. For sites on custom domains, we need to make sure that the login and admin access happens over the subdomain, which can be properly served over HTTPS.
What this Plugin does (incorporating Foolish Assumptions)
or, a readme you should read before implementing this plugin on your site.
This plugin filters the login, logout, home and admin URLs that WordPress uses to generate its internal links.
Why do we do this?
The Scenario
We have a WordPress Multisite network. Let’s call it mynetwork.com. We bought a fancy SSL wildcard certificate so we can offer *.mynetwork.com over a secure connection.
We’d very much like to use this secure connection for all logins, and for all admin access.
We also allow sites on this network to use a custom domain — like demo-site.com. We might be using WPMU Domain Mapping to achieve this. These sites have two domains, then — demo-site.com and demo-site.mynetwork.com.
If we switch on FORCE_SSL_LOGIN or FORCE_SSL_ADMIN, we have a problem. When users go to https://demo-site.com/wp-login.php, they get a certificate error. We have a wildcard certificate for *.mynetwork.com, but we can’t possibly have a valid SSL certificate installed for every custom domain!
Instead, we want to force all login pages and admin pages to be:
https://demo-site.mynetwork.com/wp-admin/…
We want all regular access to be:
http://demo-site.com/…
This plugin facilitates that — rewriting the wp-login (including logout) and wp-admin URLs to the first example, and rewriting all the others to the second style.
Foolish Assumptions
This plugin makes some (foolish) assumptions about your multisite network. You must make sure that these assumptions are true for your site, or you will find that this plugin may have unintended consequences and break things that are difficult to fix without manually disabling the plugin.
Your subdomains are in the format: a.b
where a is, for example: demo-site. b is, for example: mynetwork.com. a must be a single domain component. (a can’t be, for example: demo.site)
Your wildcard certificate is configured properly for:
*.mynetwork.com
your network site URL
So if your network site URL is www.mynetwork.com, your wildcard cert will be fine. If it is just mynetwork.com, you will need another cert to avoid errors when you go to https://mynetwork.com/wp-admin.)
Your site already has the custom domains working.
I suggest the excellent WPMU Domain Mapping for this.
Your web server also needs to be set up to handle hosting a wildcard name virtual host. All of this is really part of the WPMU Domain Mapping set up, and not the set up for this plugin. I’m just, you know, mentioning it.
You have the FORCE_SSL_LOGIN setting in wp-config.php true.
You have the FORCE_SSL_ADMIN setting in wp-config.php false. We’ll handle that — WordPress’ forcing of SSL admins will conflict with this plugin.
