I’m working on a site that requires an https secured admin area and a secure front-end area as well where private information will be shown. My preference for user login is an Ajax-enabled widget that can be shown on every page of the site, but I’m not able to make it work when passing submitted form data from the non-secured pages to the login page.
I started by using the Login With Ajax plugin, which with a few modifications, plays well with SSL for the most part, and it works fine when logging in from a page that’s being accessed by https… and it also works fine when FORCE_SSL_ADMIN is turned off. But when trying to log in from the widget on a non-secured page with FORCE_SSL_ADMIN on, I can’t get an response from the server.
Are there any existing plugins which solve this problem? And if not, anyone have any solutions? Maybe a secured form embedded in an iframe is my best idea so far… just thinking that there must be an easier way.
*Edit: Offering Bounty*
I’m adding a bounty to this question because I’m still curious. I worked around this in my project by just giving up on the widget and displaying a link to the wp-login page. But being able to embed a secure login form on a non secure page would be a much better solution. I’ll award the bounty to anyone who can show code that would work to make that happen, or point me to a plugin that already does this.
5 s
There are ways of doing it; this way, for instance. My guess is that Login With Ajax isn’t using all of the techniques described in that article, and some browser security feature is blocking it. Try getting in touch with the developer and suggesting improvements, with a pointer to that article.