I have a multisite setup, using SSL.
Everything works fine. visitors are getting all there content over https. There is not a single url without httpS in my page source. (inclusing urls to css,js files)
But, once go to the login page, all my css files have an URL with http instead of https. So most browsers block these insecure sources, thus screwing up admin interface. The pages itself is loaded over https, all redirects are also served over https.
My site url is set to https://… I’v searched my database and project files and there is not a single reference to http://…
What can cause this problem?
1 Answer
Got it solved. Turns out the server was hosted behind a reversed proxy, causing WordPress not knowing it was running over https.
Once I knew this, I found the solutions in the official documentation:
http://codex.wordpress.org/Administration_Over_SSL (under “Using a Reverse Proxy”)
This was needed in my wp-config.
define('FORCE_SSL_ADMIN', true);
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on'
