WordPress Administration Login forced to SSL

Using SSL (actually TSL), to log into the WordPress administration zone is nearly a must these days, and it is possible to tell WordPress to always redirect to the HTTPS  version of the wp-admin URL.

To do so, the following lines have to be added to the wp-config.php file:

// Force HTTPS for the login page
define(‘FORCE_SSL_LOGIN’, true);
// Force HTTPS for the admininistration pages
define(‘FORCE_SSL_ADMIN’, true);

Adding these lines fixes, as very nice side-effect, the nuisance of WordPress always switching back to clear-text HTTP when editing a post via a HTTPS login.

Speaking of wp-admin… Another must-have protection is to change the administration login URL to something different that the well-known name.

It totally eludes me why this is not part of the default WordPress options. But it’s not and we need to use a plugin to make this happen. An example would be “All-In-One-WP-Security”, but there might be others…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.