WordPress, SSL and Plesk

Published on October 11, 2007 by in Blog, Tips and Tricks, WordPress

4

One of my clients runs a WordPress blog on a Plesk powered web server. My client requires that their WordPress admin only be accessible via SSL. Given Plesk’s default behavior of storing non-secure files in /httpdocs/ and secure files in /httpsdocs/, this presented a configuration challenge.

The Problem
Initially, I simply copied the files from /httpdocs/ to /httpsdocs/. This allowed my client to access both the public and admin areas of WordPress via SSL. However, we ran into problems when we tried uploading files and inserting them into posts.

Under SSL, WordPress would upload the files to /httpsdocs/wp-content/uploads/; however, the WordPress WYSIWYG editor would link to the files via a non-secure hyperlink. This would result in a broken link since the files weren’t being stored in the non-secure upload folder.

The Solution
My first idea for fixing this problem was to add some mod_rewrite rules to /httpdocs/.htaccess. I planned to add some rules which would redirect all non-secure links to /wp-content/uploads/ to secure links. However, after a bit of searching, I found that there is a simple configuration checkbox in Plesk that is designed to handle scenarios such as this.

Under the setup page for a Plesk domain, there is a checkbox that reads “Use a single directory for housing SSL and non-SSL content.” Checking that box and saving my settings was a quick and easy solution to this problem.

4 Responses to “WordPress, SSL and Plesk”

  1. Jim Pannell says:

    But what does “Use a single directory for housing SSL and non-SSL content.” mean? Does it mean that you don’t have to use the https directory and can put everything into http?

  2. Michael says:

    Yes, checking that box means that you only have to use the /httpdocs/ directory.

  3. Ian says:

    The client wanted the admin section to *only* be accessible over SSL, though, right? If you just symlink httpsdocs to httpdocs then it’s accessible over regular HTTP also.

Leave a Reply