I have a fresh Wordpress installation that works fine. I decide to make it work under HTTPS so I go in the General config and change the "Wordpress Address" and the "Site Adress" from / to /.
First, this create a redirection loop so I have to add the following lines to my wp_config.php:
/** SSL */
define('FORCE_SSL_ADMIN', true);
// in some setups HTTP_X_FORWARDED_PROTO might contain
// a comma-separated list e.g. http,https
// so check for https existence
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
There, I'm able to see the blog in HTTPS as well as the login page. Once I try to login though, I get the following error: Sorry, you are not allowed to access this page.
Impossible to access to the admin interface in HTTPS.
If I reverse the URLs (via phpMyAdmin) and remove the lines from my wp_config.php file, I can login properly. Any idea what is wrong with my installation? Is it the fact that the blog is under /blog/?
Thanks for your help!
I have a fresh Wordpress installation that works fine. I decide to make it work under HTTPS so I go in the General config and change the "Wordpress Address" and the "Site Adress" from http://my.website/blog/ to https://my.website/blog/.
First, this create a redirection loop so I have to add the following lines to my wp_config.php:
/** SSL */
define('FORCE_SSL_ADMIN', true);
// in some setups HTTP_X_FORWARDED_PROTO might contain
// a comma-separated list e.g. http,https
// so check for https existence
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
There, I'm able to see the blog in HTTPS as well as the login page. Once I try to login though, I get the following error: Sorry, you are not allowed to access this page.
Impossible to access to the admin interface in HTTPS.
If I reverse the URLs (via phpMyAdmin) and remove the lines from my wp_config.php file, I can login properly. Any idea what is wrong with my installation? Is it the fact that the blog is under /blog/?
Thanks for your help!
Share Improve this question asked Dec 1, 2017 at 15:50 FredFred 711 gold badge1 silver badge2 bronze badges 1- Is that a WordPress error message or an Nginx/Apache error message? Is this a single or a multisite install? Is your login page served over HTTPS? – Tom J Nowell ♦ Commented Dec 1, 2017 at 16:47
4 Answers
Reset to default 15Just a quick note, the code
define('FORCE_SSL_ADMIN', true);
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on';
need to be at the top of the config file just after the <php or it will not work.
After changing the "Wordpress Address" and the "Site Adress" to https, and keeping FORCE_SSL_ADMIN set to true, I would make the http to https redirects occur above the code - so you're not relying on PHP/Wordpress to do it. If running Apache do it with .htaccess:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
If Nginx there's lots of how-to's online. If you want to limit it to just your /blog/ or subdomain, you can refine the RewriteCond's.
After that try logging in again. If you still get admin permission errors, try in Private Browsing mode to rule out a confused login cookie.
(Also in "Related" sidebar, found this thread where using $_SERVER['HTTPS'] with FORCE_SSL_ADMIN caused exact same issues: Setting $_SERVER['HTTPS']='on' prevents access to wp-admin )
This Really Worked for me in AWS, Amazon Linux 2
WordPress LAMP + Wordpress
Added this Code at the top of the wp-config.php:
<?php
define('FORCE_SSL_ADMIN', true);
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on';
Thanks
Also search wp-setting.php file for define('DISALLOW_FILE_MODS',true); and delete it. Non of the above solutions worked for me except this one!
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1745400031a4626058.html
评论列表(0条)