Httpsify patch for WordPress
[Warning: this post is in technese; if you don't maintain a WordPress install, you will probably not be interested.]
I finally upgraded my WordPress installation to WordPress 1.2.2, something I’ve been putting off because I had made a bunch of code modifications in my installation that I knew would conflict with the upgrade, and I was too lazy to do the merge.
My laziness didn’t subside; I just installed the new Gentoo ebuild for WordPress without intending to update my live web with it just yet, and whoops, it updated my live web automatically. (To avoid that, you need to set the vhosts USE flag — lesson learned). So my blog was broken. To fix it, I did the upgrade to 1.2.2, and in the process cleaned up my code modifications in the form of a proper patch.
WordPress admins may be interested in the patch; it wraps HTTPS around the admin interface and the login and registration pages. So readers access the blog and post comments through plain HTTP, but writers go through HTTPS when sending their password and performing administrative functions. This decreases the possibility of a visit from the internet bogeyman. It may be unnecessary, but I did not feel like proving that to myself. And there may be better ways to do it, but I didn’t bother to sit and ponder them. Lazy, remember.
Get it here: wordpress-1.2.2-httpsify.patch. And please send any suggestions or corrections my way.