Wednesday, 13 September 2017

WordPress - Administration Over SSL

There are at least two ways to redirect over a SSL connection the WordPress administration.

The most usual (and recommended ways) are:

1. In the wp-config.php file

Insert into the wp-config.php file the following line:

define('FORCE_SSL_ADMIN', true);

It must be inserted somewhere above wp-settings.php location.

2. Modify the Apache virtual host settings (or .htaccess file or the main httpd.conf)


# Force SSL for wp-admin folder and wp-login.php file
    RewriteEngine On
    RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.*)\ HTTP/ [NC]
    RewriteCond %{HTTPS} !=on [NC]
    RewriteRule ^/?(wp-admin/|wp-login\.php) https://your-site.com%{REQUEST_URI}%{QUERY_STRING} [R=301,QSA,L]

# End Force SSL...


Notice!
For both ways, of course, you must also already have SSL configured on the server and a (virtual) host configured for the secure server before your site will work properly with these constants set to true.

A more comprehensive reference here:
https://codex.wordpress.org/Administration_Over_SSL

No comments:

Post a Comment