How to force SSL on all multisite subdomains

I want the admin and specific frontend pages on the main site to be encrypted, but all pages (backend and frontend) on subsites should be encrypted. Wildcard SSL is installed and working. I'm using New Blog Templates for all subsites, with the Wordpress HTTPS plugin activated on the main site and template site (not network activated). This plugin doesn't seem to play well with /wp-signup.php. I can't figure out the right plugin settings and it's not in active development. Wondering if there's a way to implement the desired functionality without the plugin. Any and all help much appreciated.

  • Michelle Shull
    • DEV MAN’s Apprentice

    Hey there Burlington!

    I believe you can do this with a fairly simple edit, per this info here:

    To Force SSL Logins and SSL Admin Access
    The constant FORCE_SSL_ADMIN can be set to true to force all logins and all admin sessions to happen over SSL.

    define('FORCE_SSL_ADMIN', true);

    This is going to be network wide, for all admin (backend) sessions, but not front-end sessions.

    For front end, I found a quick guide, here.

    Let us know how it goes!

  • Burlington Avenue
    • Site Builder, Child of Zeus

    Thanks, Michelle. I'm using the plugin specified in that guide, but there's no info on multisite setup. I'm wondering if there's an issue between that and the New Blog Templates plugin. The immediate problem is that the URL for new subsites in /wp-signup.php and the network admin are all wrong, and I think the SSL plugin is partly responsible.

    Any best practices on this plugin's settings for multisite installs, or with New Blog Templates?

  • Burlington Avenue
    • Site Builder, Child of Zeus

    I think I resolved this issue with an upgrade to New Blog Templates and an un-hack to /wp-signup.php. I havent checked for conflicts, but I get the desired behavior with appropriate settings in the Wordpress HTTPS plugin.

    Let me know if I should start a separate thread for this, but the remaining problem I have is the need to slightly hack /wp-signup.php without an additional plugin. Is there a smart way to redirect it to my hacked version, say /hacked-signup.php? Thanks much.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.