Why would you like to secure your wp-admin session with SSL? Remember – Big Brother is always watching – so don’t make his life easy.

In order to use SSL in wp-admin the most important thing is to enable SSL in WWW server’s vhost (eg. Apache). When SSL is turned on for your WordPress domain it will work just out of the box.

So what is also important here? You should always make users use SSL in wp-admin sessions. So make it obligatory. You can do it using mod_rewrite in Apache webserver (httpd.conf or .htaccess):

RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteRule “^(/wp-admin/.*)” “https://%{HTTP_HOST}$1” [R=301,L]

Or simplier - editing Your wp-config.php file - add below line:

define(‘FORCE_SSL_ADMIN’, true);

somewhere before the folliwing line:

require_once(ABSPATH . ‘wp-settings.php’);

And that should do the trick!

Comments