FORCE_SSL_ADMIN only for the admin area

0 Views

I have a wordpress site
i would like to change only the admin area to https.
i try to add define(‘FORCE_SSL_ADMIN’, true); in wp-config.php but it is changing the site and the admin area is changing to https
any ideas?

Post Views: 0

Related posts

2 comments

  1. That constant is used to transfer the connection to HTTPS when entering wp-admin, but it is not used to transfer the connection to plain HTTP when leaving wp-admin. The problem here is that you leave HTTPS wp-admin and end up on HTTPS frontend.

    You can use server rewrite directives or PHP header redirects to switch the protocol. Example (not tested) for Apache rewrite:

    <IfModule mod_rewrite.c>
    RewriteEngine On

    # Are we on HTTPS?
    RewriteCond %{HTTPS} on

    # Are we _not_ on wp-admin or login?
    RewriteCond %{REQUEST_URI} !(/wp-admin|/wp-login)

    # Simple redirect to your domain and the requested URL.
    RewriteRule ^(.*)$ http://www.yourdomain.abc/$1 [L,R=301]
</IfModule>

    Example (not tested) for using wp_redirect:

    add_action('template_redirect', function () {
    global $pagenow;

    // Not a HTTPS connection.
    if ($_SERVER['HTTPS'] !== 'on') {
        return;
    }

    // We are either in wp-admin or on login.
    if (is_admin() || strpos($pagenow, 'wp-login') !== false) {
        return;
    }

    // Grab the current request URL.
    $requestUri = $_SERVER['REQUEST_URI'];

    // Get non-HTTPS WP url.
    $newUrl = str_replace('https://', 'http://', home_url($requestUri));

    wp_redirect($newUrl);
    exit;
});

  2. you can do it by modifying .htaccess file

    Add this code in top of htaccess file

     RewriteCond %{THE_REQUEST} ^[A-Z]{3,9} /(.*) HTTP/ [NC]
  RewriteCond %{HTTPS} !=on [NC]
  RewriteRule ^/?(wp-admin/|wp-login.php) https://example.com%{REQUEST_URI}%{QUERY_STRING} [R=301,QSA,L]

    Hope this will work for you.

Comments are closed.