标题好长,一口气喘不过来。
WordPress后台设置https登录,貌似安全很多,通过在wp-config.php添加以下代码实现。
define(‘FORCE_SSL_ADMIN’,true);
在WordPress官方文档也提到在http和https两个虚拟主机里分别设置一个地址相同的链接:
Sometimes, you want your whole wp-admin to run over a secure connection using the https protocol. Conceptually, the procedure works like this:
Set up two virtual hosts with the same url (the blog url), one secure, the other not.
On the secure virtual host, set up a rewrite rule that shuttles all non-wp-admin traffic to the insecure site.
On the insecure virtual host, set up a rewrite rule that shuttles all traffic to wp-admin to the secure host.
Put in a filter (via a plugin) that filters the links in wp-admin so that once activated, administrative links are rewritten to use https and that edits cookies to work only over encrypted connections.
问题:不想开启全站https,同时http和https虚拟主机设置documentroot为不同目录时,用rewrite转来转去实在麻烦。
其实通过Apache别名可以简单搞定,在https虚拟主机设置里写入如下代码:
Alias /blogurl /pathto/http/blogurl
这样,两个虚拟主机使用的是同一个目录,还可以避免插件、主题、上传文档各种不同步问题。
前面的/blogurl指的是Wordpress url地址,比如这里就是/archives。后面的/blogurl代表物理http WordPress目录,。
不知道还有什么没发现的问题?