WordPress Administration and Logins over SSL

Categorised in: ,

March 12, 2014 9:19 pm | Published by Matt

There are a variety of methods to enable SSL for secure connection when accessing your WordPress websites logins and administration panel. This post assumes that you have already purchased and configured an SSL certificate on your hosting account / domain that you have WordPress installed on and would like to configure SSL admin access. If you dont have an SSL certificate in place and configured, this is required before continuing with the post.

The most effective and simplest method to enable and enforce WordPress administration and logins over SSL is to make a change to your installations wp-config.php file located in the root directory of your WordPress installation.

WordPress Logins over SSL via wp-config.php Update

To force SSL connections for your WordPress site account logins the following code can be added to your wp-config.php file.

define(‘FORCE_SSL_LOGIN’, true);

The above code will only enable SSL for account logins and NOT your administration panel.

The code has to be added to your wp-config.php file before the following comment contained within the file and contained within the opening php statement.

/* That’s all, stop editing! Happy blogging. */

WordPress Administration & Logins over SSL via wp-config.php Update

If you wish to force SSL for access to both your WordPress administration panel and for logins then the following code needs to be implemented.

define(‘FORCE_SSL_ADMIN’, true);

Again this code needs to be added to your wp-config.php file before the following comment contained within the file and contained within the opening php statement.

/* That’s all, stop editing! Happy blogging. */

A cautionary note; Please ensure that you only implement only one of these methods, both lines of code are not required. The method that best suits your requirements should be implemented.

WordPress SSL Plugins

If you are not confident in making the above edits or do not have access to your WordPress code base to make an update then one of the following WordPress SSL plugins may be useful:

WordPress HTTPS (SSL): https://wordpress.org/plugins/wordpress-https/

SSL Insecure Content Fixer: https://wordpress.org/plugins/ssl-insecure-content-fixer/

SSL for Logged in Users: https://wordpress.org/plugins/ssl-for-logged-in-users/