Comments on: Securing WordPress Admin Access With SSL

By: Wordpress and SSL | David Hogue's Blog

Wordpress and SSL | David Hogue's Blog — Thu, 27 Oct 2011 23:54:50 +0000

[…] I finally found a way around this using mod_proxy. This page was a major help in getting that working. […]

By: metron

metron — Sat, 09 Jan 2010 13:40:03 +0000

In reply to umesh. Nice Howto but it stops to ask me what file I use to patch? What I have to choose to? regards

By: umesh

umesh — Tue, 10 Mar 2009 09:54:39 +0000

hi,

I am using WORDPRESS 2.7.1 with CAS authentication.
Now I am trying to publish a document on WordPress using XML-RPC but it shows error.
javax.faces.el.EvaluationException: Exception while invoking expression #{org_alfresco_module_blogIntegration_BlogActionListener.executeScript}
caused by:
org.alfresco.module.blogIntegration.BlogIntegrationRuntimeException: Failed to execute blog action ‘metaWeblog.editPost’ @ url ‘
caused by:
marquee.xmlrpc.XmlRpcException: The XML-RPC response could not be parsed: org.xml.sax.SAXParseException: The element type “address” must be terminated by the matching end-tag “”.

I want to know whether XMl-RPC request on wordpress is allowed after applying CAS authentication on WORDPRESS?

Please help.

By: BlogSecurity » Blog Archive » WordPress SSL for Debian Sarge

BlogSecurity » Blog Archive » WordPress SSL for Debian Sarge — Mon, 19 Nov 2007 02:24:03 +0000

[…] Kreileder over at blog.blackdown.de has a really nice step by step howto on how to enable SSL (HTTPS) for a WordPress […]

By: Notizen aus der Provinz » Needfull Links

Notizen aus der Provinz » Needfull Links — Tue, 28 Aug 2007 21:09:19 +0000

[…] Wie man den WordPress-Adminbereich mit SSL sichert […]

By: Jen Farmer

Jen Farmer — Wed, 24 Jan 2007 16:19:32 +0000

Nice examples, don’t forget to secure HTTPS only connections for submitting passwords to prevent sniffers.

http://www.askapache.com/2006/htaccess/apache-ssl-in-htaccess-examples.html

By: Securing WordPress Admin Access With SSL at Kwotem

Securing WordPress Admin Access With SSL at Kwotem — Sat, 13 Jan 2007 18:49:18 +0000

[…] Securing WordPress Admin Access With SSL […]

By: Larry

Larry — Mon, 07 Aug 2006 05:43:49 +0000

Hi,

I’m currently modifying wordpress 2.0 for my company to allow ldap authentication. Since the windows passwords will be used to log into wordpress, I’m going to run the whole blog on ssl. I haven’t given it a try yet. But hopefully it will work out of box.

There is one thing about wordpress that I don’t quite get. Why does word press use cookies to store all the user authentication info, why not sessions? It seems that using session is a much better/cleaner/safer way to handle user authentication while on the client side, there is only a session id that needs to be stored inside cookies.

Can someone give me some hints.

Thanks

By: wolfgang.lonien.de » Blog Archive » Howto secure your vserver

wolfgang.lonien.de » Blog Archive » Howto secure your vserver — Fri, 04 Aug 2006 06:18:25 +0000

[…] Still with me? Fear not; we’re almost there. If you – like we – happen to use WordPress on some of your pages, you still have to set the WordPress URL (under Options) to https://yoursite.com/, leaving the Blog URL at http://yoursite.com/. Since WordPress uses these URLs to actually hardlink everything on its admin pages, this must be done. Still, as some guys pointed out, cookies can be sent in cleartext, so watch out in hostile surroundings (you don’t save cookies or even passwords on your machines, do you? Then start with a fresh browser session). This is being worked on: the WordPress 2.1alpha brings secure logins already, so things are changing for the better. If you want real WordPress security now, visit Jürgen Kreileder’s pages and follow that setup – here an own server (at least vserver) is a must – you won’t be able to do this on shared webhosting. […]

By: Juergen Kreileder

Juergen Kreileder — Fri, 20 Jan 2006 19:33:14 +0000

Yeah, I’ll post an updated guide for the mixed HTTP/HTTPS setup this weekend.

As for pure HTTPS configurations: The current svn version of WP still has some issues, e.g. triggering of asynchronous pings doesn’t work.

By: s.b

s.b — Fri, 20 Jan 2006 16:29:31 +0000

Hi there! Now the 2.0-version is out, but I think there is still no good solution for https-support …

By: it&t » Blog Archive » wordpress installation

it&t » Blog Archive » wordpress installation — Mon, 12 Dec 2005 13:53:59 +0000

[…] after completing the installation i noticed that the admin area can not be configured to be accessible via ssl. googling for solutions i came across a very useful blog entry which provides a patch and instructions on how to configure the apache proxy module to enable ssl access to the admin interface. […]

By: http://vorpal.cc/blog » Wordpress and SSL

http://vorpal.cc/blog » Wordpress and SSL — Sat, 03 Dec 2005 02:29:39 +0000

[…] I finally found a way around this using mod_proxy. This page was a major help in getting that working. […]

By: Juergen Kreileder

Juergen Kreileder — Thu, 01 Dec 2005 20:54:53 +0000

AFAIK the forthcoming WordPress 2.0 should work out-of-box when running everything on https.

As for the mixed http/https setup, I’ll update this guide when 2.0-final is released.

By: Ju

Ju — Thu, 01 Dec 2005 07:29:41 +0000

hello… thx for trying to solve that problem. But I wish my entire blog (both admin and client-side) could work on my ssl/https server. Changing the “http://&/#8221; to “https://&/#8221; in the install file doesn’t give access to the page… so far I’m stuck. Any help ?

By: WebhostingTech » Archiv » Kontrollzentrum von Wordpress mit SSL sichern

Wed, 20 Jul 2005 21:18:59 +0000

[…] Ein schönes Howto um das Kontrollzentrum bei WordPress mit Hilfe von SSL zu sichern. […]

By: Juergen Kreileder

Juergen Kreileder — Wed, 25 May 2005 16:03:20 +0000

It’s -p1, not -pl. In other words: there’s a ONE at the end, not an L.

The setup described here is for a mixed HTTP/HTTPS environment: Readers still use HTTP, only admin access is done via HTTPS.

If you put the whole blog on an HTTPS server, WordPress should work pretty much out of the box. If it doesn’t, just look through the source code if there’s some hardcoded “http://&/#8221;.
Also, for an intranet site you don’t need certificates, so setup should be pretty straightforward. I can’t tell you how to do it, though, because I’m not familiar with IIS.

By: kb

kb — Wed, 25 May 2005 15:39:29 +0000

I’m trying to set up WordPress on a intranet site that’s 100% SSL and I don’t know where to turn. It’s served from Windows IIS.

I tried running your patch from the DOS prompt but I get this error:

patch: **** strip count ‘l’ is not a number

any ideas?

By: Juergen Kreileder

Juergen Kreileder — Fri, 20 May 2005 02:25:03 +0000

You mean wp-ssl.patch? That's a patch, not a plugin. To apply it to the WordPress source code do this:

$ cd /path/to/wordpress
$ patch -p1 < /path/to/wp-ssl.patch

By: Cody

Cody — Fri, 20 May 2005 01:46:24 +0000

I like the config that you have here, but I am not able to install the plug in. When I put the file into the “wp-content/plugins” folder I don’t see it come up. Any ideas?