Forcing your WordPress Administration Panel to use SSL ensures that the data contained in your back end is resistant to things like man-in-the-middle attacks and prevents packet sniffing. The data transmitted through your back end can be sensitive and using SSL is a great step in making sure that you’re able to protect that information.
There are a couple ways to make sure that WordPress Administration is using SSL.
Please note: Anytime you use SSL, your server must be equipped with an SSL certificate that will identify it to the world and facilitate verifying that the data being sent from your server has not been modified in anyway. Make sure your host has SSL set up for your server before you try anything related to SSL.
Forcing SSL on the Login Page and Administration Panel
WordPress has a built-in constant that will redirect all users accessing the administration panel, as well as any login pages, to SSL. The line simply must be dropped in your
wp-config.php and it will immediately start working.
define( 'FORCE_SSL_ADMIN', true );
This simple line of code identifies to WordPress that you want all users accessing the back end of your site to be using the SSL protocol. Any traffic that is not using SSL will be redirected.
If for some reason you only want to use SSL on your login page, you can switch to the following constant
define( 'FORCE_SSL_LOGIN', true );
Check out our other posts on using SSL!
Like this tutorial? Subscribe and get the latest tutorials delivered straight to your inbox or feed reader.