Comments on: Fixing WordPress Secure Admin and PHP 5.2.1

By: Matt

Matt — Wed, 18 Apr 2007 20:58:26 +0000

Well we used the secure-admin plugin for almost a year on WordPress.com and I think we worked out nearly all the bugs, but if you file a patch at http://dev.wp-plugins.org/ I’ll ping Ryan to take it upstream.

By: Anonymous

Anonymous — Wed, 18 Apr 2007 20:42:49 +0000

Anyone is more than welcome to take and use these changes, but the bug will the upload manager using HTTPS may not be fixable with my approach (doesn’t apply to Haris’ approach though). The right way to do all of this is to have a separate setting for the admin URL and use that for things that are being included in the admin page, these plugins are really just clever but nasty hacks around a limitation in WordPress.

By: Matt

Matt — Wed, 18 Apr 2007 19:52:16 +0000

Have you thought about submitting these changes back upstream to Ryan’s original code in the repository?

http://wordpress.org/extend/plugins/secure-admin/

By: Haris (haris.tv)

Haris (haris.tv) — Wed, 18 Apr 2007 10:51:49 +0000

Hope you spot the problem, I’m caught up with other commitments at the mo otherwise I’d have a look myself. Let us know how you get on.

By: Adrian Sutton

Adrian Sutton — Tue, 17 Apr 2007 21:19:20 +0000

Sounds like we've found the first bug. The plugin manager is using HTTPS urls to uploaded files instead of HTTP. The HTTPS server here requires a client SSL certificate which is why you get the -12227 error. I'll have to look into that but I'm not quite sure what can be done about it.

By: Haris (haris.tv)

Haris (haris.tv) — Tue, 17 Apr 2007 11:59:32 +0000

I’ve just realized that I can access the files if I omit the https:// in the links.

Otherwise I get a certificate verification warning (which I temporarily accept) that then throws an error code of -12227?

I’ll take a look at the files, thanks.

Haris

By: Adrian Sutton

Adrian Sutton — Tue, 17 Apr 2007 10:57:27 +0000

Hi Haris,
Good to see you’ve fixed it, the links above work for me, so I’m not sure what’s going on at your end - hopefully it’s intermittent, otherwise I can email you the files if you’re interested in them. It’s a very different approach to your original plugin, but I’m finding it extremely useful since it handles URLs generated by plugins as well.

By: Haris (haris.tv)

Haris (haris.tv) — Mon, 16 Apr 2007 13:23:34 +0000

Hi Adrian,

I’ve recently fixed the issue with PHP 5.2.1 and the download file is now version 02(59).

I’ve written a few comments on the problem here:
http://haris.tv/2007/01/11/wordpress-ssl-plugin-secure-admin-patched-and-working/#comment-2726

PS. I’ve tried to access the php file and text file but am receiving errors on the links above

PPS. I was chuckling when I read …’very much untested and could destroy everything …try it on a friends blog first.’ LOL!

Haris