How to remove "HTTPS" from Admin URL during site signup?

I have SSL installed on the main domain -> HTTPS://MainSite.com but NOT on the wildcard HTTP://SubSite.MainSite.com. After the subsite creation, user is given the brief welcome messages contain login details: subdomain URL and login URL.
The login URL is supposed to be HTTP://SubSite.MainSite.com/wp-login.php but is automatically set to HTTPS://Subsite.MainSite.com by your code.

Please advice without granting access which part of your plugin I need to change apart from uninstall the SSL from the main site.

  • Creatura

    Hi,

    we had the same issue, and added this to the .htaccess to work around it:

    # Redirect main domain and www to HTTPS
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP_HOST} =yourdomain.com [or]
    RewriteCond %{HTTP_HOST} =www.yourdomain.com
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
    # Redirect wildcard subdomains to HTTP
    RewriteCond %{HTTPS} on
    RewriteCond %{HTTP_HOST} ^(.+)\.yourdomain\.com$ [NC]
    RewriteCond %{HTTP_HOST} !=www.yourdomain.com
    RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    ## ADVANCED REWRITE END

    might be of use :slight_smile:

    Cheers,
    Joran

  • Code Injector

    Dear All,

    I am sure I must have done something wrong because I have zero knowledge in Apache as after trying it didn't seem to work.

    Where should I place either one of Bojan's code or Creatura's code in my htaccess?
    Which part of the WP default multisite network setting needed to be removed or which line should I add them into?

    My current full htaccess is as follows:

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    
    # add a trailing slash to /wp-admin
    RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
    
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]
    RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
    RewriteRule ^(.*\.php)$ $1 [L]
    RewriteRule . index.php [L]
    </IfModule>
    
    # Disallow Directory Listing Browing
    <IfModule mod_autoindex.c>
       Options All -Indexes
    </IfModule>
    
    # Protect wp-config File
    <Files wp-config.php>
      order allow,deny
      deny from all
    </Files>
    
    # Protect Htaccess
    <Files ~ "^.*\.([Hh][Tt][Aa])">
      order allow,deny
      deny from all
      satisfy all
    </Files>
    
    # Uploaded Files
    RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]
    
    # Block Bad Bots
    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
    RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
    RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
    RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
    RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
    RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
    RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
    RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
    RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
    RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
    RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
    RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
    RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
    RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
    RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Zeus
    RewriteRule ^.* - [F,L]
    
    # protect from sql injection
    Options +FollowSymLinks
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule ^(.*)$ index.php [F,L]

    Please replace your code where you think it's appropriate with my complete htaccess above. Thank you all for your help.

  • Adam Czajczyk

    Helo Cas!

    I think I've got another set of rules for you to test. It seems to be working fine with online tester (I do not have SSL-enabled site at hand to test it in real environment) so hopefully will do the trick here.

    The code would be:

    RewriteCond %{HTTPS} ^on
    RewriteCond %{HTTP_HOST} !^test\.com [NC]
    RewriteCond %{HTTP_HOST} !^www\.test\.com [NC]
    RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    Please make sure that in lines #2 and #3 you have substituted "test.com" and "www.test.com" with your main domain. The code should be added right after this line I think:

    RewriteEngine On

    It should ignore your main site url (root domain) totally and then for sub-sites perform redirect to "https://". Let me know if it (or any ideas from today's chat) worked for you!

    Best regards,
    Adam

  • Adam Czajczyk

    Hello Cas!

    It must redirect from HTTPS to HTTP - not the other way around.

    That's exactly what my code should do for all your sub-sites, keeping main site intact. I now noticed that I wrote "redirect to https://" while what I was about to write was "redirect to http://". I'm sorry for causing confusion here.

    Here's a tester that I use, you may want to test it to make sure that we're on the same side here. In order to use it, just copy my rules to the main window and then put some test urls (only one for one test) to the test field and click on "check". It will show results right below the form :slight_smile:

    http://htaccess.mwl.be/

    That said, have you tried that already with your site?

    Best regards,
    Adam

  • Adam Czajczyk

    Hey Cas!

    My fault, I didn't test it with /wp-admin art. That said, I've tested another set of rules:

    RewriteCond %{HTTPS} ^on$ [NC]
    RewriteCond %{HTTP_HOST} !^test\.com [NC]
    RewriteCond %{HTTP_HOST} !^www\.test\.com [NC]
    RewriteCond %{HTTP_HOST} ^(.*)((\.[^\.]+){2}\.?)$
    RewriteRule ^ http://%1%2%{REQUEST_URI} [R,L]

    In emulator these seems to work pretty fine. Would you be willing to give another try (I think we should ignore the port number added here by tester)?

    Best regards,
    Adam

  • Alex Stine

    Hello Nate
    Hope you are well today!

    Could you please try the latest code provided? Add the following code below this line.

    RewriteEngine On
    Code:

    RewriteCond %{HTTPS} ^on$ [NC]
    RewriteCond %{HTTP_HOST} !^test\.com [NC]
    RewriteCond %{HTTP_HOST} !^www\.test\.com [NC]
    RewriteCond %{HTTP_HOST} ^(.*)((\.[^\.]+){2}\.?)$
    RewriteRule ^ http://%1%2%{REQUEST_URI} [R,L]

    Be sure to replace lines 2-3 with your site URL.

    Hope this helps!

    Cheers,
    Alex :smiley:

  • Nate

    Thanks Alex. I added the code and got the same issue. I just did a live registration and it resulted in Admin URL: https://subdomain.wellness-simplified.com

    Here's what I have in .htaccess now:
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} ^on$ [NC]
    RewriteCond %{HTTP_HOST} !^wellness-simplified\.com [NC]
    RewriteCond %{HTTP_HOST} !^www\.wellness-simplified\.com [NC]
    RewriteCond %{HTTP_HOST} ^(.*)((\.[^\.]+){2}\.?)$
    RewriteRule ^ http://%1%2%{REQUEST_URI} [R,L]
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    # add a trailing slash to /wp-admin
    RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]
    RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
    RewriteRule ^(.*\.php)$ $1 [L]
    RewriteRule . index.php [L]
    </IfModule>
    # END WordPress

  • Nate

    The email that is received after registering is correct. It's just the url that is displayed after signing up that is off. See below for the welcome email:

    Howdy testdd,
    Your new Wellness Simplified Sites site has been successfully set up at:
    http://testdd.wellness-simplified.com/
    You can log in to the administrator account with the following information:
    Username: ####
    Password: #####
    Log in here: http://testdd.wellness-simplified.com/wp-login.php
    We hope you enjoy your new site. Thanks!
    --The Team @ Wellness Simplified Sites

  • Dimitris

    Hey there Nate,

    I trust you're good today and don't mind chiming in! :slight_smile:

    You can change this url in Settings -> Network Settings. You just have to hard code your url in place of BLOG_URL argument

    Hope that helps,
    Dimitris :slight_smile:

    PS. Please keep in mind to create your own threads about issues that you confront, especially if your request isn't relative to the thread's topic. :slight_smile:
    https://premium.wpmudev.org/manuals/using-wpmu-dev/how-to-open-a-support-ticket/

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.