long time lurker – first time poster.
A client of mine has a website developed in CakePHP, and a wordpress blog installed in the /blog/ directory.
Let’s say the url of the main domain is http://www.realdomain.com, with the blog being http://www.realdomain.com/blog/.
They don’t have their own SSL certificate so they use my companies. Let’s say the secure URL is https://realdomain.maindomain.net/blog/
I have the following code in my wp-config.php file:
define('WP_SITEURL', 'https://realdomain.maindomain.net/blog');
define('WP_CONTENT_URL', 'http://www.realdomain.com/blog/wp-content');
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);
When I go to the /wp-login.php, it redirects me to the secure URL which is perfect.
However, when I log in to the secure site, WordPress tries to loads JavaScripts and styles from
`http**s**://realdomain.com`
Which causes problems because the main site doesn’t have a SSL certificate and as a result doesn’t load anything from https://realdomain.com
Is there anything else I’m missing?
Is the solution a .htaccess rule?
A rule which routed all “https://realdomain.com” to "https://realdomain.maindomain.com“?
I’ll pay anyone $20 who can help me fix it. I’ve Google’d until my hearts content and I don’t know what else I can do.
Thanks so much!
Just to keep things nice & clear, I’ve posted this as a new answer. Let’s reset the playing field & follow the below instructions as if it were a shiny new install (ignore all code & suggestions in previous answers).
In your wp-config.php
define( 'WP_SITEURL', 'http://www.realdomain.com/blog' );
define( 'SSL_DOMAIN_ALIAS', 'realdomain.maindomain.net' );
define( 'FORCE_SSL_LOGIN', true );
define( 'FORCE_SSL_ADMIN', true );
And in wp-content/mu-plugins/ssl-domain-alias.php
<?php
/**
* Plugin Name: SSL Domain Alias
* Plugin URI: http://wordpress.stackexchange.com/questions/38902
* Description: Use a different domain for serving your website over SSL, set with <code>SSL_DOMAIN_ALIAS</code> in your <code>wp-config.php</code>.
* Author: TheDeadMedic
* Author URI: http://wordpress.stackexchange.com/users/1685/thedeadmedic
*
* @package SSL_Domain_Alias
*/
/**
* Swap out the current site domain with {@see SSL_DOMAIN_ALIAS} if the
* protocol is HTTPS.
*
* This function is not bulletproof, and expects both {@see WP_SITEURL} and
* {@see SSL_DOMAIN_ALIAS} to be defined.
*
* @todo The replacement is a simple string replacement (for speed). If the
* domain name is matching other parts of the URL other than the host, we'll
* need to switch to a more rigid regex.
*
* @param string $url
* @return string
*/
function _use_ssl_domain_alias_for_https( $url )
{
static $domain;
if ( ! isset( $domain ) )
$domain = defined( 'WP_SITEURL' ) && defined( 'SSL_DOMAIN_ALIAS' ) ? parse_url( WP_SITEURL, PHP_URL_HOST ) : false;
if ( $domain && strpos( $url, 'https' ) === 0 )
$url = str_replace( $domain, SSL_DOMAIN_ALIAS, $url );
return $url;
}
add_filter( 'plugins_url', '_use_ssl_domain_alias_for_https', 1 );
add_filter( 'content_url', '_use_ssl_domain_alias_for_https', 1 );
add_filter( 'site_url', '_use_ssl_domain_alias_for_https', 1 );
?>
I’ve suggested using a Must-Use plugin (mu-plugins), since these are autoloaded without having to be activated first.
If you’d rather it be a standard plugin, you’ll need to add the FORCE_SSL_* constants after activation.
