-
Notifications
You must be signed in to change notification settings - Fork 2
Dark Matter and HTTPS
Dark Matter plugin supports HTTPS for both the Admin domain and all mapped domains, which is optional on a per domain basis.
If you plan to provide HTTPS at any stage for a mapped domain, then your Admin Domain should also be HTTPS.
Aside from the security benefits of ensuring your admin area (in which you login with your username / password), this is to prevent "mix content warnings" being produced by the admin bar by a number of plugins. For example; Jetpack's Stats module provides a small graph showing your most recent traffic in two-hour segments in the admin bar on the front-end of the website. If the mapped domain is HTTPS and the admin domain is HTTP, then this small graph will be produced over HTTP.
In such scenarios, it could cause WordPress to prompt for a login box and inadvertently log you out of WordPress in a hap-hazard and random fashion. For this reason, Dark Matter should be used in environments where the admin domain is always HTTPS irrespective of the mapped domains per blog.
To guarantee this, make sure to see the Force SSL Admin flag in your wp-config.php file like so;
define( 'FORCE_SSL_ADMIN', true );