Site icon Efficient Coder

WordPress _SSL_ADMIN already defined Error: Complete Guide for Small Business Site Owners

高效码农

For many small business site owners, enabling HTTPS on WordPress is essential. However, you might encounter this frustrating error:

_SSL_ADMIN already defined in /www/wwwroot/xxx/wp-config.php on line 102

This guide will help you:

  • Understand why this error occurs
  • Safely troubleshoot plugin and configuration conflicts
  • Set up SSL correctly in WordPress
  • Avoid similar issues in the future

Even if you’re not a developer, you can follow this guide step by step.

1. Why _SSL_ADMIN already defined Occurs

This PHP warning appears because:

  1. A constant is defined twice
    PHP triggers a “constant already defined” error if a constant is declared multiple times.

  2. _SSL_ADMIN is not an official WordPress constant
    The official WordPress constant for enforcing HTTPS in the admin dashboard is:

    define('FORCE_SSL_ADMIN', true);

  3. Plugins or themes define _SSL_ADMIN
    Some older SSL plugins or theme code might define _SSL_ADMIN. If you also manually define it in wp-config.php, the error occurs.

Key takeaway: This error is caused by duplicate constant declarations, often between your custom code and plugins.

2. Official WordPress SSL Configuration

Use the official constant and handle reverse proxies (like Cloudflare) correctly:

// Enforce HTTPS in WordPress admin
if (!defined('FORCE_SSL_ADMIN')) {
    define('FORCE_SSL_ADMIN', true);
}

// Handle Cloudflare or other reverse proxies
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    $_SERVER['HTTPS'] = 'on';
}

Do not define _SSL_ADMIN; it is unnecessary and can cause conflicts.

3. Step-by-Step Troubleshooting

Step 1: Search for _SSL_ADMIN

SSH into your server:

cd /www/wwwroot/xugjblog
grep -RIn "_SSL_ADMIN" .

Example output:

./wp-config.php:102:define('_SSL_ADMIN', true);
./wp-content/plugins/old-ssl-plugin/plugin.php:10:define('_SSL_ADMIN', true);
  • First line: manually defined _SSL_ADMIN
  • Second line: plugin-defined _SSL_ADMIN

Step 2: Remove or Conditionally Define Constants

Recommended approach:

if (!defined('_SSL_ADMIN')) {
    define('_SSL_ADMIN', true);
}

Or better, use the official constant:

if (!defined('FORCE_SSL_ADMIN')) {
    define('FORCE_SSL_ADMIN', true);
}

Step 3: Clear PHP Cache and Restart Services

PHP Opcache can cache old versions of files:

sudo systemctl reload php8.1-fpm
sudo systemctl reload nginx

For Apache:

sudo systemctl reload apache2

Step 4: Check for Plugin Conflicts

Temporarily disable all plugins:

cd wp-content
mv plugins plugins.disabled
  • Reload your site
  • Re-enable plugins one by one to find conflicts

4. HTTPS Architecture Diagram (Mermaid)

flowchart LR
U[User Browser] -->|HTTPS Request| C[Cloudflare CDN]
C -->|Full/Strict HTTPS| S[Nginx / Apache Server]
S -->|HTTPS| W[WordPress Admin]
W -->|FORCE_SSL_ADMIN| D[Admin Login & Security]
W -->|Frontend Assets| F[Plugins Handle HTTPS Links]

Explanation:

  • Cloudflare handles end-to-end HTTPS
  • Nginx/Apache enforces 301 redirects
  • WordPress FORCE_SSL_ADMIN ensures backend security
  • Plugins can fix frontend HTTPS links

5. Typical Cases & Solutions

Case Cause Solution
Really Simple SSL plugin triggers _SSL_ADMIN already defined Plugin defines _SSL_ADMIN, user also defined it Remove manual _SSL_ADMIN definition; use FORCE_SSL_ADMIN
Admin dashboard HTTPS not working Reverse proxy (Cloudflare) not detected Use $_SERVER['HTTP_X_FORWARDED_PROTO'] check
PHP cache causes error to persist Opcache caches old files Restart PHP-FPM and clear cache
Multiple plugin conflicts Several plugins define _SSL_ADMIN Disable conflicting plugins or update them

6. Recommended wp-config.php SSL Setup

<?php
// Enforce WordPress admin HTTPS
if (!defined('FORCE_SSL_ADMIN') && !defined('_SSL_ADMIN')) {
    define('FORCE_SSL_ADMIN', true);
}

// Detect HTTPS behind Cloudflare
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    $_SERVER['HTTPS'] = 'on';
}

// Optional: prevent plugin from redefining _SSL_ADMIN
if (!defined('_SSL_ADMIN')) {
    define('_SSL_ADMIN', true);
}

7. FAQ (SEO Optimized)

Q1: Why does admin HTTPS fail after removing _SSL_ADMIN?
A: Ensure FORCE_SSL_ADMIN is defined, and Cloudflare/Nginx properly detect HTTPS.

Q2: What if a plugin requires _SSL_ADMIN?
A: Use conditional definition:

if (!defined('_SSL_ADMIN')) define('_SSL_ADMIN', true);

Q3: Modifications still cause errors?
A: Clear PHP Opcache and restart PHP-FPM.

Q4: Can I use Cloudflare and WordPress FORCE_SSL_ADMIN together?
A: Yes. Recommended architecture:

flowchart TD
U[User Browser] --> C[Cloudflare CDN]
C --> S[Nginx / Apache Server]
S --> W[WordPress Admin (FORCE_SSL_ADMIN)]

8. Best Practices for WordPress SSL

  1. Always use the official constant FORCE_SSL_ADMIN
  2. Wrap constants in conditional definitions
  3. Handle HTTPS behind reverse proxies
  4. Update or disable conflicting plugins
  5. Clear PHP-FPM / Opcache after changes
  6. Periodically review wp-config.php for custom constants

9. SEO & GEO Optimized JSON-LD Schema

{
  "@context": "https://schema.org",
  "@type": "TechArticle",
  "headline": "WordPress _SSL_ADMIN already defined Error: Complete Guide",
  "author": {"@type": "Person", "name": "Jack Xu"},
  "publisher": {"@type": "Organization", "name": "XUGJ Blog"},
  "datePublished": "2025-12-11",
  "dateModified": "2025-12-11",
  "keywords": "WordPress, SSL, HTTPS, FORCE_SSL_ADMIN, _SSL_ADMIN, tutorial, plugin conflict",
  "description": "A step-by-step guide for small business WordPress owners to resolve _SSL_ADMIN already defined error, configure SSL correctly, and avoid plugin conflicts.",
  "mainEntity": [
    {
      "@type": "Question",
      "name": "Why does WordPress show _SSL_ADMIN already defined?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Because a PHP constant is defined multiple times, and _SSL_ADMIN is not an official WordPress constant."
      }
    },
    {
      "@type": "Question",
      "name": "How do I configure HTTPS in WordPress admin correctly?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Use the official constant FORCE_SSL_ADMIN and handle $_SERVER['HTTP_X_FORWARDED_PROTO'] behind reverse proxies."
      }
    }
  ]
}

10. Conclusion

Following this guide, you can:

  • Resolve _SSL_ADMIN already defined errors completely
  • Configure WordPress backend HTTPS correctly
  • Handle Cloudflare and reverse proxy scenarios
  • Avoid plugin conflicts and caching issues

Core rule: use official constants + conditional definitions + clear cache = stable and secure WordPress HTTPS.

Exit mobile version