Diamond Lock, CC licensed on flickr by mfshadowToday I upgraded my blogs to Wordpress 2.1, since I hadn't updated them in a little while and I didn't find the time until today.

While the upgrade worked well (and it apparently comes with quite a few MySQL optimizations and other neat features), I realized that my admin pages which I serve via HTTPS now had a "broken key" symbol: All URLs inside the page source code were unencrypted HTTP now, probably because they are now not build relatively to the page URL anymore. Bad side effect: I couldn't upload any files for blog posts anymore since my login cookie didn't work for HTTP (which is not a bug but a feature, obviously ;)).

At first I tried to change the "wordpress URL" in the options to https://... which worked, but that ended up also serving the CSS files and feeds and such on the public page as HTTPS -- leading to unnecessary stress on my little server and, much worse, to a certificate warning for every one of my users who happens not to have imported the CACert root certificate (which, quite frankly, is almost everyone).

After a little research however I found the Wordpress Secure Admin Plugin which is infinitely easy to install and does exactly what it should: It makes sure all URLs in the admin interface are HTTPSed, re-enabling me to log into my blog encryptedly. It also encrypts the login cookie now, reducing the risk of session hijacking.

Another Wordpress plugin on my "must have" list.

(lock picture source: CC by-nd licensed by mfshadow on flickr)

Was this helpful? Buy me a coffee with Bitcoin! (What is this?)

Updating Adobe Flash Without Restarting Firefox

No reason for a Flash upgrade to shut down your entire browser, even if it claims so.It's 2015, and the love-hate relationship of the Web...… Continue reading

Reddit's Fail-Alien (or "Fail-ien?")

Published on January 15, 2015