WordPress Administration Login forced to SSL

Using SSL (actually TSL), to log into the WordPress administration zone is nearly a must these days, and it is possible to tell WordPress to always redirect to the HTTPS  version of the wp-admin URL.

To do so, the following lines have to be added to the wp-config.php file:

// Force HTTPS for the login page
define(‘FORCE_SSL_LOGIN’, true);
// Force HTTPS for the admininistration pages
define(‘FORCE_SSL_ADMIN’, true);

Adding these lines fixes, as very nice side-effect, the nuisance of WordPress always switching back to clear-text HTTP when editing a post via a HTTPS login.

Speaking of wp-admin… Another must-have protection is to change the administration login URL to something different that the well-known name.

It totally eludes me why this is not part of the default WordPress options. But it’s not and we need to use a plugin to make this happen. An example would be “All-In-One-WP-Security”, but there might be others…

Leave a Reply

Your email address will not be published. Required fields are marked *