Redirect all Login calls to SSL secured original domain

I've recently secured my multisite with a wildcard SSL certificate. I'm trying to avoid the warnings when trying to log in to a domain-mapped site, by redirecting all login attempts to the original subdomain URL (from visiting the login link in the admin bar, attempting to visit domainmappedURL.com/wp-login.php, and when using the Meta Widget). WordPress.com does this on all of its domain-mapped sites.

Would this be an .htaccess redirect rule? I see here they have redirected to the root domain: https://premium.wpmudev.org/forums/topic/redirect-all-wp-loginphp-files-to-root-file

I would rather stay on the subdomain site, but be redirected to the secured original subdomain.

Any help you can offer is appreciated.

  • Michelle Shull

    Hello, mrjarbenne! Hope you're about to have a wonderful weekend.

    What errors are you getting on the login page? Are your forcing HTTPS network-wide, or do you have a mix of HTTPS and HTTP content?

    That being said, the general solution @Ashok offered in that solution should work for you as well, but you'd need (I believe) a redirect for each sub-domain's login page, unless there's a one-size-fits-all solution. I flagged Ash to offer some insight here, too, his regular expression kung-fu is much stronger than mine.

    Thanks for your question!

  • mrjarbenne

    Thanks Michelle,

    I'm forcing HTTPS on login.

    On domain mapped URLS I'm getting "This Connection is Untrusted" errors, because the wildcard certificate is securing subsite1.domain.com but not subsite1'sdomain.com. (not mixed content errors: that's another beast entirely)

    A redirect for each individual subdomain is possible, but I'd rather not have to add an additional re-direct rule every time I add a new domain map (the multisite as 6000 subdomains, and we promote domain mapping).

  • Ash

    Hello @mrjarbenne

    Would you please try the following code:

    add_action('init','custom_login');
    
    function custom_login(){
    	global $pagenow;
     	if( 'wp-login.php' == $pagenow ) {
    		$protocol = is_ssl() ? 'https://' : 'http://';
    		$domain = $protocol . $_SERVER['SERVER_NAME'];
    		switch_to_blog(1);
    		$main = site_url();
    		restore_current_blog();
    		if( $main != $domain){
    			wp_redirect( $main . '/wp-login.php');
    			exit();
    		}
    	}
    }

    You can add those codes in your functions.php in the theme, if you think your theme won’t be changed. Otherwise mu-plugins is the best solution. To use mu-plugins, go to /wp-content/ and find the folder with name 'mu-plugins'. If there is no folder in that name, then create a folder, name it 'mu-plugins', create a file inside that, give any name you like and paste the code in there. You don't need to activate that plugin. Mu-plugins means must use plugins, so it will be activated automatically always. If you use mu-plugins then add a php start tag at the beginning of the code.

    Hope it helps :slight_smile: Please feel free to ask more question if you have any.

    Cheers
    Ash

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.