.htaccess 重定向 FORCE_SSL_ADMIN

.htaccess 重定向 FORCE_SSL_ADMIN

Codex Home → Getting Started → .htaccess redirects for FORCE_SSL_ADMIN
.htaccess redirects for FORCE_SSL_ADMIN

This is a quick reference for anyone that is using FORCE_SSL_ADMIN in their wp-config.php to serve the admin dashboard and user login over https, but would like normal users to browse the frontend over http. BuddyPress implements its own set of redirect to parameters so that normal users are redirected back to the frontend after logging in rather than going straight to the admin dashboard (the default WP behavior). This makes sense as most BP users aren』t going to need to see the dashboard, but when FORCE_SSL_ADMIN is enabled this redirection includes https and causes regular users to browse the frontend over https.
One solution for fixing this is to use .htaccess rules to blanket redirect users who are not browsing the admin dashboard to the http version of your site. Below is some sample .htaccess rewrite rules that should redirect your users to http when they login. Your .htaccess file should be located in your document root, but may vary depending on your configuration.
Make sure that your redirect rules occur before the WordPress section (which is added if you use permalinks). Also, note that the rewrite condition you use to check for https may differ. For example, for some shared hosts you may need to use RewriteCond %{HTTP:X-Forwarded-SSL} on instead.
For more information on .htaccess rules and SSL check out this article.

# This is the additional rewrite section
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule !^wp-(admin/|login.php|includes/|content/)(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注