SSL Multisite Login Problem: Subsites Just reload login page

I’ve recently switched my WordPress multisite over to https and it’s now causing a problem with login.

When I try to login to any subsite, the login page loads OK, but when entering the correct credentials, it simply redirects back to the login page. No matter what I do, I can’t get past the login page for any subsite.

I can login to the main site through the root login page, and then navigate to the sub-site dashboards, but it’s very frustrating for users that they can’t go to their own sites directly.

I’d appreciate any help anyone can offer on what I’ve done wrong!

Colin

  • Colin
    • Site Builder, Child of Zeus

    Hi Kasia, thanks for helping.

    The site uses sub directories, so no wildcards in play.

    I've disabled all login and redirect plugins, but it doesn't have an effect.

    One thing I've just noticed is that the login page form still points towards the http:// version, eg, here's the code:

    <form name="loginform" id="loginform" action="http://www.thepodcasthost.com/university/wp-login.php&quot; method="post">

    I've replaced the http:// in every place I know, including a full database search and replace. The https:// is showing up as the sub-site URL in the sub-site settings. But then the link that's at the top of the sub-site settings is showing as http:// – as demonstrated by the screenshot below. Do you think this could indicate where I've missed the HTTPS change?

  • Colin
    • Site Builder, Child of Zeus

    Thanks Kasia,

    Yes, I’ve used the define(‘force…. within my config.

    I’d rather not add another plugin to my config for this. I believe it can be done effectively using the right database and .htaccess setup.

    The settings you’re asking about – which settings are you referring to?

  • Kasia Swiderska
    • Support nomad

    Hello Colin,

    I’d rather not add another plugin to my config for this. I believe it can be done effectively using the right database and .htaccess setup.

    How is your .htaccess looks – can you show it? Changing entries in database should be last thing when switching to the SSL – when nothing else works.

    As for the settings – on your screen, there is a setting tab – you should be able to check whole url of the subsite – with the “http” part also.

    Can you grant support access to your site and I will take a look? You can grant support access via WPMU DEV > Support > Support Access > Grant Access.

    Kind regards,

    Kasia

  • Colin
    • Site Builder, Child of Zeus

    Yes, for sure, I’m granting support access now – I’d appreciate you having a look. Can you view the htaccess file that way, or should I still post contents?

    I’ve actually converted the default site back to http: for now because of all the problems, but you can still load https pages to test them.

    Thanks

    Colin

  • Kasia Swiderska
    • Support nomad

    hello Colin,

    Yes, for sure, I’m granting support access now – I’d appreciate you having a look. Can you view the htaccess file that way, or should I still post contents?

    No, unfortunately I cant have a look on httacces just with the support access, I have to ask you to past it here.

    Kind regards,

    Kasia

  • Colin
    • Site Builder, Child of Zeus

    Ok, thanks Kasia

    Here you go.

    I’ve actually reverted the site back to http: for now because of all the problems. I’m still running /unversity/ on SSL so that’s the redirect you see here, but I was using that same redirect for the entire site previously. Would appreciate your help.

    # Start

    # Enable php.ini – added by hosting company

    <IfModule mod_suphp.c>

    suPHP_ConfigPath /home/thepodca/public_html

    </IfModule>

    <Files php.ini>

    order allow,deny

    deny from all

    </Files>

    #Redirect to https

    RewriteEngine On

    RewriteCond %{HTTPS} !=on

    RewriteRule ^(university/.*)$ https://www.thepodcasthost.com/$1 [R=301,L]

    # Added in ticket 1301359 per GTMetrix

    FileETag none

    # End

    # Exclude the file upload script from authentication

    <FilesMatch “(async-upload.php)$”>

    Satisfy Any

    Order allow,deny

    Allow from all

    Deny from none

    </FilesMatch>

    ## EXPIRES CACHING ##

    <IfModule mod_expires.c>

    ExpiresActive On

    ExpiresByType image/jpg “access 1 year”

    ExpiresByType image/jpeg “access 1 year”

    ExpiresByType image/gif “access 1 year”

    ExpiresByType image/png “access 1 year”

    ExpiresByType text/css “access 1 week”

    ExpiresByType application/pdf “access 1 month”

    ExpiresByType text/x-javascript “access 1 month”

    ExpiresByType application/x-shockwave-flash “access 1 month”

    ExpiresByType image/x-icon “access 1 year”

    ExpiresDefault “access 2 weeks”

    </IfModule>

    ## EXPIRES CACHING ##

    RewriteBase /

    RewriteRule ^index.php$ – [L]

    RewriteRule ^(.*/)?sitemap.xml wp-content/sitemap.php [L]

    # add a trailing slash to /wp-admin

    RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

    RewriteCond %{REQUEST_FILENAME} -f [OR]

    RewriteCond %{REQUEST_FILENAME} -d

    RewriteRule ^ – [L]

    RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]

    RewriteRule ^([_0-9a-zA-Z-]+/)?(.*.php)$ $2 [L]

    RewriteRule . index.php [L]

    <IfModule mod_deflate.c>

    # Compress HTML, CSS, JavaScript, Text, XML and fonts

    AddOutputFilterByType DEFLATE application/javascript

    AddOutputFilterByType DEFLATE application/rss+xml

    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject

    AddOutputFilterByType DEFLATE application/x-font

    AddOutputFilterByType DEFLATE application/x-font-opentype

    AddOutputFilterByType DEFLATE application/x-font-otf

    AddOutputFilterByType DEFLATE application/x-font-truetype

    AddOutputFilterByType DEFLATE application/x-font-ttf

    AddOutputFilterByType DEFLATE application/x-javascript

    AddOutputFilterByType DEFLATE application/xhtml+xml

    AddOutputFilterByType DEFLATE application/xml

    AddOutputFilterByType DEFLATE font/opentype

    AddOutputFilterByType DEFLATE font/otf

    AddOutputFilterByType DEFLATE font/ttf

    AddOutputFilterByType DEFLATE image/svg+xml

    AddOutputFilterByType DEFLATE image/x-icon

    AddOutputFilterByType DEFLATE text/css

    AddOutputFilterByType DEFLATE text/html

    AddOutputFilterByType DEFLATE text/javascript

    AddOutputFilterByType DEFLATE text/plain

    AddOutputFilterByType DEFLATE text/xml

    # Remove browser bugs (only needed for really old browsers)

    BrowserMatch ^Mozilla/4 gzip-only-text/html

    BrowserMatch ^Mozilla/4.0[678] no-gzip

    BrowserMatch bMSIE !no-gzip !gzip-only-text/html

    Header append Vary User-Agent

    </IfModule>

  • Vinod Dalvi
    • WP Unicorn

    Hi Colin,

    Thank you for sharing the .htaccess file code but i don’t see anything wrong with it.

    Would you mind if I access your site using FTP and did some testing? This might help get to the bottom of this faster. If this is ok, just send log in info through our secured contact form: https://premium.wpmudev.org/contact/

    – Choose “I have a different question”

    – Include my name in the subject “Vinod Dalvi”

    – Include the URL of this post in your message so that I may track this issue better

    – Include login information (WordPress admin info username + password )

    – Include FTP Details

    Regards,

    Vinod Dalvi

  • Vinod Dalvi
    • WP Unicorn

    Hi Colin,

    Thank you for sending the details.

    I could confirm the issue on your site and found it's causing because some files are getting loaded on your sub sites without HTTPS protocol as shown in the attached screenshot.

    I tried various solutions on your site using FTP but they didn't resolve the issue.

    The admin log in credentials that you have sent is not working on your main site so please send me your network admin credentials so that i can troubleshoot more?

    Also please try using any of the following plugins and solutions.

    https://wordpress.org/plugins/wordpress-https/

    https://wordpress.org/plugins/force-ssl-everywhere/

    https://webdevstudios.com/2015/02/11/how-to-set-up-https-on-wordpress/

    Regards,

    Vinod Dalvi

  • Colin
    • Site Builder, Child of Zeus

    Thanks for looking into this.

    Images on my front page are currently not loading, though, and it’s now redirecting to https. I’m assuming that was a change you made. Please can you undo the changes you made for now.

    Thanks

    Colin

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.