diff --git a/admin/index.php b/admin/index.php
index 6d97e525a2deb..0db307f38eb7b 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -574,6 +574,13 @@
         print_box(get_string('datarootsecuritywarning', 'admin', $CFG->dataroot), 'generalbox adminwarning');
     }
 
+    if (substr($CFG->wwwroot, -1) == '/') {
+        print_box(get_string('cfgwwwrootslashwarning', 'admin'), 'generalbox adminwarning');
+    }
+    if (strpos($ME, $CFG->httpswwwroot.'/') === false) {
+        print_box(get_string('cfgwwwrootwarning', 'admin'), 'generalbox adminwarning');
+    }
+
 /// If no recently cron run
     $lastcron = get_field_sql('SELECT max(lastcron) FROM ' . $CFG->prefix . 'modules');
     if (time() - $lastcron > 3600 * 24) {
diff --git a/lang/en_utf8/admin.php b/lang/en_utf8/admin.php
index 7b95eb5cab0d0..cdbddf4a88636 100644
--- a/lang/en_utf8/admin.php
+++ b/lang/en_utf8/admin.php
@@ -36,6 +36,8 @@
 $string['cachetype'] = 'Cache Type';
 $string['calendar_weekend'] = 'Weekend Days';
 $string['calendarsettings'] = 'Calendar';
+$string['cfgwwwrootwarning'] = 'You have defined &#36;CFG->wwwroot incorrectly in your config.php file. It does not match the URL you are using to access this page. Please correct it, or you will experience strange bugs like <a href=\'http://tracker.moodle.org/browse/MDL-11061\'>MDL-11061</a>.';
+$string['cfgwwwrootslashwarning'] = 'You have defined &#36;CFG->wwwroot incorrectly in your config.php file. You have included a \'/\' character at the end. Please remove it, or you will experience strange bugs like <a href=\'http://tracker.moodle.org/browse/MDL-11061\'>MDL-11061</a>.';
 $string['change'] = 'change';
 $string['changesitelang'] = 'Change site language';
 $string['choosefiletoedit'] = 'Choose file to edit';
diff --git a/lib/weblib.php b/lib/weblib.php
index 209916bcc478c..72b20cef1931f 100644
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -271,6 +271,9 @@ function qualified_me() {
         }
     }
 
+    // TODO, this does not work in the situation described in MDL-11061, but
+    // I don't know how to fix it. Possibly believe $CFG->wwwroot ahead of what
+    // the server reports.
     if (isset($_SERVER['HTTPS'])) {
         $protocol = ($_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://';
     } else if (isset($_SERVER['SERVER_PORT'])) { # Apache2 does not export $_SERVER['HTTPS']