force_ssl_admin() causing issues with preview links

WordPress has a number of implicit assumptions with regards to using SSL. Specifically, if you are using force_ssl_admin, and the “front” of your site has the same domain as the “back” does, then it assumes that your entire site is actually accessible either via http or https.

This happens in a few different places. Most notably, the Theme Customizer intentionally loads the preview window (the front end view of your site) using SSL when force_ssl_admin is on and the domain of the site matches. The Preview link on the posts screen will be relative and thus will go to an SSL page too.

So, the short answer is that this is by design and it probably will not be fixed by WordPress core anytime soon. It is expected that your site will work over SSL if you’re using SSL anywhere, and so it tries to do it that way. If you have anything else on your site actively preventing the front-end from working over SSL, then it will be broken. And many in the community would say that, yes, it is supposed to do that.

You’re creating the problem yourself, essentially, by the arbitrary action of disallowing SSL on the front-end. You don’t have to actually force SSL on the front-end, but to actively disallow it can lead to security risks. How we define the “front” and “back” end of WordPress is somewhat arbitrary to begin with, and if you really want security, then it has to be capable of loading any page on the whole site with SSL, not just the stuff in wp-admin.

If your CDN is the problem here because they have no https capability, consider a different CDN that will support HTTPS, or maybe change the code to serve from the CDN only over http connections and to use the local versions of files for https ones. That’s a short term fix though. A number of CDNs let you point a domain name you control at them, and then you can set up SSL on that domain name. So if you have a certificate for example.com, you could point cdn.example.com at them, then they could use your cert for securing that connection. Or whatever, different CDN’s have different ways to support HTTPS.

In the long run, the whole of the web is moving more towards 100% SSL all-the-time. Newer protocols like SPDY (supported in most major browsers) can dramatically boost transfer speeds, and they only really work on SSL connections to begin with. With more and more “hacked” sites, and the recent NSA revelations, and everything else, unencrypted connections are rapidly falling out of favor. So most advice you’ll get nowadays will be to just bite the bullet and go forced-SSL over the whole site.

Related Posts:

  1. nginx + W3 Total Cache: rewrite rules issue [closed]
  2. Why does everybody hook add_rewrite_rule on init
  3. How does W3 Total Cache CDN URL rewrites work? [closed]
  4. htaccess rewrite conflict with wordpress rules and ssl
  5. Querystring parameter getting lost in rewrite rule
  6. W3 Total Cache, RackSpace Cloud Files, and Forcing Downloads [closed]
  7. add_rewrite_rule not producing anything in $_GET
  8. Flush_rewrite_rules not working when settings updated
  9. Varnish + W3 Total Page Cache [closed]
  10. Prettified page URL w/ query var redirects to prettified page URL w/o query var
  11. Making extra parameters optional
  12. flush_rewrite_rules() cancels the effect of add_rewrite_rule()
  13. why is are these rewrite_tags and rules not working?
  14. Redirect taxonomy to custom template to list terms in taxonomy
  15. How to change the matches in add_rewrite_rule
  16. Using add_rewrite_rule() to redirect to Front Page
  17. What add_rewrite_tag()’s RegEx matches against?
  18. add_rewrite_rule() not working
  19. add_feed and flush_rewrite_rules
  20. Rewrite rules and query for virtual page
  21. Can someone explain the function of the third parameter of “add_rewrite_tag”
  22. Best action to call add_rewrite_rule
  23. Can rewrites fallback if 404? Rewrite conflict issue
  24. Where do I USE add_rewrite_rule?
  25. add_rewrite_rule confusion
  26. add_rewrite_endpoint not working
  27. Associate the “add_rewrite_endpoint” and “$_GET”
  28. Uppercase to Lowercase in URL
  29. How to use rewrite rule or rewrite endpoint to switch languages?
  30. Remove rewrite endpoint on deactivation?
  31. Do I need to flush rewrite rules when creating new user if using custom author rewrite rules?
  32. Optimal code for two add_rewrite_rule’s
  33. How do I flush rewrite rules
  34. add_rewrite_rule redirects if value = 1
  35. Nginx Wildcard SSL with WordPress Multisite Subdomains
  36. rewrite url in wordpress
  37. How to add rewrite rule for external php file
  38. Making extra parameters optional
  39. My add_rewrite_rule is returning a 404
  40. wordpress add_rewrite_rule not working
  41. How does W3 Total Cache Load Images In Stylesheet via CDN? [closed]
  42. Rewrite without query parameter
  43. Rewrite Rules problem when rule includes homepage slug
  44. Order of rewrite rules when calling add_rewrite_rule
  45. WooCommerce – Conditional for page created by rewrite_rule
  46. add_rewrite_rule() not stored (I think)
  47. WordPress add_rewrite_rule second argument not working
  48. flush_rewrite_rules() not working on updating Settings API
  49. Rewrite rules priority
  50. Rewrite rules for short URL
  51. W3 total – leverage browser caching not working with cdn delivered images [closed]
  52. How do I turn off the blog and archives?
  53. Adding a custom rewrite rule for gallery/categories page
  54. Grab last part of the url inside rule
  55. Why isn’t my rewrite rule working when there is no second parameter?
  56. Rewrite rules applied differently after upgrade
  57. W3 Total Cache Help – How to update DNS Zone for a static domain [closed]
  58. How to do make mysite.com/post-name/sub-post?
  59. Custom rewrite rules for a page with GET variables?
  60. WordPress add a rewrite rule to a page to accept a GET variable
  61. “/” URLs without trailing slash shows 404
  62. How can I resolve search error with pagination wordpress
  63. CPT – Nice url with add_rewrite_rule
  64. WordPress – replicate same globals, query vars and query for an alternate endpoint
  65. rewrite rule not working: redirect to php script if file exists
  66. WordPress add_rewrite_rule with 2 variables
  67. Rewrite rule not working, issue may be in URI request
  68. Unable leverage Browser Caching on AWS Bitnami stack (Apache) through W3TC and Cloudfront CDN
  69. Overcoming a complex WordPress page rewrite rules request
  70. Rewrite post type into a page with year filter
  71. How to create a custom URL to another domain in WordPress
  72. WordPress matching URLs with trailing tildes code correction
  73. Rewrite Rules, Query Vars and Pagination
  74. Pretty links with add_rewrite_rule and add_query_var
  75. Serving cache from multiple domain names
  76. Flush rewrite rules when every page gives 500 error?
  77. Using add_rewrite_rule in conditional statement using $_SERVER
  78. How to change URL in WordPress
  79. WordPress Rewrite rule with custom query var
  80. default ‘post’ post type: not forcing url rewrite when args set
  81. How to add rewrite rule to point to file
  82. add_rewrite_rule doesn’t work for me
  83. Adding custom slugs: parent-page/username/child-page/
  84. WordPress Custom post type single page 404 error
  85. How bad is flush_rules() on init hook?
  86. Rewrite for page with a possible unknown parent page
  87. Rewrite the WordPress URL from custom plugin
  88. add_rewrite_rule works only with one “directory”
  89. Passing variables in the permalink structure on a custom post type
  90. W3 Total Cache + S3 + Cloudfront. [closed]
  91. How to Add Rewrite Ruled Argument Into Permalink Properly
  92. WordPress Rewrite Rules
  93. add_rewrite_rule with trailing slash redirects
  94. To what degree can use of caching-plugins and a CDN boost WordPress performance? [closed]
  95. I am facing problem in loading and downloading Mp3 files
  96. Custom URL rewrite with add_rewrite_rule
  97. Rewrite rule to index.php in theme subfolder
  98. Direct domain alias to a specific WordPress page without the page in the URL
  99. WordPress rewrite rule – not able to access second and third parameters
  100. Custom URL Rewrite Rules not working