Web Admin help needed (SSL, Wordpress stuff) - Miata Turbo Forum - Boost cars, acquire cats.

Welcome to Miataturbo.net   Members
 


Insert BS here A place to discuss anything you want

Reply
 
 
 
LinkBack Thread Tools Search this Thread
Old 08-03-2012, 12:48 PM   #1
Crumple Zone Tester
Thread Starter
iTrader: (7)
 
mgeoffriau's Avatar
 
Join Date: Jul 2009
Location: Jackson, MS
Posts: 7,656
Total Cats: 447
Default Web Admin help needed (SSL, Wordpress stuff)

Okay, looking for ideas here. This is the setup:

www.lemuriabooks.com (main domain, company website with secure pages for checkout)
blog.lemuriabooks.com (subdomain, company Wordpress blog, no secure pages)

Hosted on Bluehost.

This morning I checked the website as I normally do. Main site looks fine, blog looks fine, when I click to log in to the back end of the Wordpress blog...it redirects to the main site (www.lemuriabooks.com). That's odd. Try it again, same result. Check cPanel on our Bluehost account, the redirect for the blog.lemuriabooks.com is correct and pointing to the appropriate address.

Finally I notice that the link to the Wordpress back end is pointing to a secure https address...which it should not be. Those pages have never been secure. Back to cPanel, I confirm that there's no SSL certificate set up for the subdomain. Moreover, I remember that it's not possible for the subdomain to be secure -- Bluehost restricts accounts to one SSL cert and it can only be applied to the main domain.

So, I'm guessing that either Wordpress or the Wordpress security plug-in was updated or options were changed to make the Wordpress back end secure...only there's no SSL cert, so it keeps redirecting to the main domain site.

Ideally, I would log in to Wordpress, check the settings, and turn off whatever option in the security plug in that is attempting to make the back end secure...except I can't log in to the back end in order to make those changes.

I have tried getting to the same Wordpress back end via the full address on the primary domain (LemuriaBooks.com.) but I can't get those pages to load -- either 404's, or redirecting back to the main page.

Any thoughts? At the moment, I've been trying to figure out (using FTP) what the correct full URL would be to get to the Wordpress back end admin page, but I'm not sure that that would work anyway.

Is there some way I can force the site to stop attempting to use a secure connection on those pages?
mgeoffriau is offline   Reply With Quote
Old 08-03-2012, 12:57 PM   #2
Elite Member
iTrader: (6)
 
blaen99's Avatar
 
Join Date: Sep 2010
Location: Seattle, WA
Posts: 4,112
Total Cats: 27
Default

Quote:
Originally Posted by mgeoffriau View Post
Finally I notice that the link to the Wordpress back end is pointing to a secure https address...which it should not be. Those pages have never been secure. Back to cPanel, I confirm that there's no SSL certificate set up for the subdomain. Moreover, I remember that it's not possible for the subdomain to be secure -- Bluehost restricts accounts to one SSL cert and it can only be applied to the main domain.

So, I'm guessing that either Wordpress or the Wordpress security plug-in was updated or options were changed to make the Wordpress back end secure...only there's no SSL cert, so it keeps redirecting to the main domain site.
Anything that involves login details should always always always be secure. That's not optional, ever.

There is also a self-generated security certificate associated to your blog subdomain, created before your problems started.

I can dig a bit more, but what I think is going on is something else happened, and you were unaware that wordpress created a self-signed certificate to enable people to log in in a secure fashion (Read: Not ------- plaintexting login details, which is absolutely retarded.), but as a result of being unaware of the self-signed security certificate, are blaming the issues on a standard wordpress install.

Just my 2c, I could be full of crap, but no one plaintexts login details in this day and age. I'm digging a little bit more in your site, however.
blaen99 is offline   Reply With Quote
Old 08-03-2012, 01:06 PM   #3
Elite Member
iTrader: (6)
 
blaen99's Avatar
 
Join Date: Sep 2010
Location: Seattle, WA
Posts: 4,112
Total Cats: 27
Default

And a bit more detail...

Quote:
blog.lemuriabooks.com uses an invalid security certificate.

The certificate is only valid for the following names:
www.lemuriabooks.com , lemuriabooks.com

(Error code: ssl_error_bad_cert_domain)
I was wrong about the SSL certificate your blog subdomain is using. Your blog subdomain is using the certificate from your root domain and not the self-signed one I was originally looking at (A bit wtf, but w/es) - there's nothing to be worried about.

The error stems from b*.l*.com trying to use a certificate from l*.com that is explicitly disallowed from using subdomains (Well, more correctly only explicitly allowed to use the root domain...).

The certificate itself is nothing to worry about. Remember, WordPress needs a certificate for secure logins. What you may want to consider is simply using b*.l*.com to redirect to l*.com/b* instead - this would also fix your security certificate issue.

I'm taking a closer look at the login stuff now.
blaen99 is offline   Reply With Quote
Old 08-03-2012, 01:11 PM   #4
Elite Member
iTrader: (6)
 
blaen99's Avatar
 
Join Date: Sep 2010
Location: Seattle, WA
Posts: 4,112
Total Cats: 27
Default

wget returns a 404 error on "https://blog.lemuriabooks.com/wp-login.php"

Have you been messing with your login script, Mg? According to your server, it's not there.

(Edit) IE in W7 also verifies that it's missing. The problem is with your script, not your certificates - although I did explain how to fix the certificate error in a previous post, Mg. The behavior that redirects you straight to the root (l*.com) is a browser-specific addition likely related to avoiding 404s, as only some of the browsers I use do it, and others properly display the 404 error.

(Edit edit) Unless you wrote in specific functionality to auto-ban certain browsers and return a 404 error, but I don't think it's something you'd do.
blaen99 is offline   Reply With Quote
Old 08-03-2012, 01:17 PM   #5
Crumple Zone Tester
Thread Starter
iTrader: (7)
 
mgeoffriau's Avatar
 
Join Date: Jul 2009
Location: Jackson, MS
Posts: 7,656
Total Cats: 447
Default

Thanks, appreciate your help. Keep in mind that this is (obviously) not my area of expertise. I just happen to know enough to keep it running between big problems which are then passed to our contracted tech helper. But I'm having a hard time getting in touch with him today, and any time I can get it sorted out before he gets involved saves us money, so I usually take a stab at it. But obviously I'm out of my depth here.
mgeoffriau is offline   Reply With Quote
Old 08-03-2012, 01:25 PM   #6
Elite Member
iTrader: (6)
 
blaen99's Avatar
 
Join Date: Sep 2010
Location: Seattle, WA
Posts: 4,112
Total Cats: 27
Default

Either it's permissions/security-related, or there's no wp-login.php file on the server. Either way, I can't diagnose more from the tools I have available from where I am - the server repeatedly tells me that there is no wp-login.php that I can access no matter what I use to try to access it.

The certs have nothing to do with it, although it's an incredibly amateur mistake to do what was done.
blaen99 is offline   Reply With Quote
Old 08-03-2012, 01:28 PM   #7
Crumple Zone Tester
Thread Starter
iTrader: (7)
 
mgeoffriau's Avatar
 
Join Date: Jul 2009
Location: Jackson, MS
Posts: 7,656
Total Cats: 447
Default

Quote:
Originally Posted by blaen99 View Post
wget returns a 404 error on "https://blog.lemuriabooks.com/wp-login.php"

Have you been messing with your login script, Mg? According to your server, it's not there.

(Edit) IE in W7 also verifies that it's missing. The problem is with your script, not your certificates - although I did explain how to fix the certificate error in a previous post, Mg. The behavior that redirects you straight to the root (l*.com) is a browser-specific addition likely related to avoiding 404s, as only some of the browsers I use do it, and others properly display the 404 error.

(Edit edit) Unless you wrote in specific functionality to auto-ban certain browsers and return a 404 error, but I don't think it's something you'd do.
I didn't make any changes, but I'm pretty confident that the Wordpress security plugin had options like that. Most of those kinds of options I left alone, as there was some question about whether they were fully compatible with all plugins and themes (which I know is their default disclaimer in case it breaks something, but I was being cautious).
mgeoffriau is offline   Reply With Quote
Old 08-03-2012, 01:32 PM   #8
Crumple Zone Tester
Thread Starter
iTrader: (7)
 
mgeoffriau's Avatar
 
Join Date: Jul 2009
Location: Jackson, MS
Posts: 7,656
Total Cats: 447
Default

What's weird is that if I go to the nonsecure URL:

http://blog.lemuriabooks.com/wp-login

I get the 404.

But if I go to the secure URL

https://blog.lemuriabooks.com/wp-login

I get the immediate redirect to the main site.
mgeoffriau is offline   Reply With Quote
Old 08-03-2012, 01:33 PM   #9
Elite Member
iTrader: (6)
 
blaen99's Avatar
 
Join Date: Sep 2010
Location: Seattle, WA
Posts: 4,112
Total Cats: 27
Default

Try it in different browsers, Mg. It gave different functionality depending on which browser I used, which is wtf.
blaen99 is offline   Reply With Quote
Old 08-03-2012, 01:34 PM   #10
Crumple Zone Tester
Thread Starter
iTrader: (7)
 
mgeoffriau's Avatar
 
Join Date: Jul 2009
Location: Jackson, MS
Posts: 7,656
Total Cats: 447
Default

Also, there is definitely a wp-login.php file on the server in the blog folder -- I'm looking at it via the FTP server right now.
mgeoffriau is offline   Reply With Quote
Old 08-03-2012, 01:37 PM   #11
Elite Member
iTrader: (6)
 
blaen99's Avatar
 
Join Date: Sep 2010
Location: Seattle, WA
Posts: 4,112
Total Cats: 27
Default

Quote:
Originally Posted by mgeoffriau View Post
Also, there is definitely a wp-login.php file on the server in the blog folder -- I'm looking at it via the FTP server right now.
Could you ls -l from that folder and copy/paste the wp-login.php line here?

(Edit) It should look similar to drwxr-xr-x 3 nick users 1024 Jan 19 11:19 lib/
blaen99 is offline   Reply With Quote
Old 08-03-2012, 01:42 PM   #12
Crumple Zone Tester
Thread Starter
iTrader: (7)
 
mgeoffriau's Avatar
 
Join Date: Jul 2009
Location: Jackson, MS
Posts: 7,656
Total Cats: 447
Default

Quote:
Originally Posted by blaen99 View Post
Could you ls -l from that folder and copy/paste the wp-login.php line here?

(Edit) It should look similar to drwxr-xr-x 3 nick users 1024 Jan 19 11:19 lib/
No clue what that means. Keep reminding yourself that I work in a bookstore and I maintain the website because I drew the short straw of knowing more computer stuff than a bunch of English and philosophy graduates.
mgeoffriau is offline   Reply With Quote
Old 08-03-2012, 01:43 PM   #13
Elite Member
iTrader: (6)
 
blaen99's Avatar
 
Join Date: Sep 2010
Location: Seattle, WA
Posts: 4,112
Total Cats: 27
Default

Quote:
Originally Posted by mgeoffriau View Post
No clue what that means. Keep reminding yourself that I work in a bookstore and I maintain the website because I drew the short straw of knowing more computer stuff than a bunch of English and philosophy graduates.
Get your contracted web monkey on the job.

I'm not being an ***, I promise. In order to fix this, we'll have to have you mucking around in things you definitely shouldn't be mucking around in.
blaen99 is offline   Reply With Quote
Old 08-03-2012, 01:49 PM   #14
Crumple Zone Tester
Thread Starter
iTrader: (7)
 
mgeoffriau's Avatar
 
Join Date: Jul 2009
Location: Jackson, MS
Posts: 7,656
Total Cats: 447
Default

That's fine. Thanks for trying.
mgeoffriau is offline   Reply With Quote
 
 
Reply

Related Topics
Thread Thread Starter Forum Replies Last Post
My solution for Oiltemp and Oilpressure input into Megasuirt (MS3) Zaphod MEGAsquirt 41 01-24-2016 01:25 PM
1991 special edition with hard top full part out JC, NJ russian Miata parts for sale/trade 6 10-08-2015 04:01 PM
"Chimney Ethanol" E100 MiataGarage Engine Performance 5 09-30-2015 12:04 AM
WTB HPDE miata - Texas Voltwings Cars for sale/trade 0 09-27-2015 07:40 PM


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -4. The time now is 05:59 PM.