Requiring SSL encryption for WordPress administration

I was digging around for WordPress plugins last night that would allow me to secure the administrative login page for my WordPress installations. Most of the plugins are only compatible with WordPress 2.7.x or earlier, so I was a little concerned about them working with WordPress 2.8.2.

Then I stumbled upon the WordPress documentation that shows you how to require SSL with no plugins at all. If you're using WordPress 2.6+, you can use these super-simple instructions:

Require encryption just for the /wp-admin/ login, but leave the rest of the administrative area on HTTP:

# Add this line to wp-config.php
define('FORCE_SSL_LOGIN', true);

To encrypt the login and the entire administrative area:

# Add this line to wp-config.php
define('FORCE_SSL_ADMIN', true);

Of course, for this to work, you'll need virtual hosts on ports 80 and 443 for your blog. Also, you'll need an SSL certificate for your blog. You can snag one from a reputable provider or make your own.

This entry was posted on 31/07/2009 (Friday) at 8:13 am and is filed under Blog Posts. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.
Printed from: http://rackerhacker.com/2009/07/31/requiring-ssl-encryption-for-wordpress-administration/ .
© Major Hayden 2012.

4 Comments   »


RSS feed for comments on this post

Leave a Reply

 

  • Welcome! I started this blog as a way to give back to all of the other system administrators who have taught me something in the past. Writing these posts brings me a lot of enjoyment and I hope you find the information useful. If you spot something that's incorrect or confusing, please write a comment and let me know. Drop me a line if there's something you want to know more about and I'll do my best to write a post on the topic.
    -- Major Hayden

    Flattr this