Website admins are always concerned about security of their site and no doubt they should be. In today’s world, there is a constant threat of hackers lurking around, who are always trying to find that loophole and how they can get your confidential information. The most important confidential information for a WordPress administrator, is the admin username and password. Once they get the login credentials, then can do just anything they wish to. They can hide their malicious code in any theme files, which would be very hard to find later on. Thus, to prevent this situation and to harden security, we can enable SSL support in WordPress with a few simple steps.
We have already discussed WordPress security tips, but by enabling SSL encryption for login session in WordPress we can enable an extra layer of security to the site.
Those who are not aware of what SSL (Secure Sockets Layer) encryption is, basically this is a protocol used over the internet for securing transactions made between client to server. All the data are encrypted before they are transmitted over the web. Thus, this encrypted format makes it harder for someone to read that data. You must have noted during payment process on shopping sites, that their URL changes from HTTP to HTTPS (Hypertext Transfer Protocol Secure). This is what makes a webpage secure, and this is what we’re trying to achieve with this tutorial.
Note that there would not be any change in front-end. Your visitors would be able to surf the site normally. After the completion of this process, your administration (wp-admin) over SSL (HTTPS) will be enabled.
How to Enable SSL Security to WordPress
First things first, before starting this process, you’ll need to purchase SSL certificate from your domain registrar or webhost and then install it on your webhost. To enable SSL, you’ll also need to purchase dedicated IP address which costs approx $2 per month.
There are many different types of SSL certificates like Positive SSL, Positive SSL wildcard, EssentialSSL, Comodo Instant SSL and many more. For many users out there, a Comodo Positive SSL certificate (available for $9) would do just fine. Some of these SSL certificates are for ecommerce sites, but for a regular WordPress user, this is not needed. Namecheap offers vast choices of SSL certificates, check it out from here. Some of them are really affordable, you can also compare all these different certificates.
Now comes the step to install SSL certificate. There is no universal process for doing this, as it may depend on how your webhost defines all the terms and which SSL certificate you purchase. After purchasing SSL, you can contact your webhost and seek their help in installing that certificate.
After installing the SSL certificate, connect your FTP client or File manager from cPanel. Navigate to your WordPress installation directory and download wp-config.php.
This is the core WordPress configuration file, therefore edit it with utmost care. Add the below code:
define(‘FORCE_SSL_ADMIN’, true);
Place the code “before” this line:
/* That’s all, stop editing! Happy blogging. */
Finally after editing, it would look like:
define(‘FORCE_SSL_ADMIN’, true);
/* That’s all, stop editing! Happy blogging. */
This will enable SSL (HTTPS) for complete wp-admin area (recommended).
If you want to enable SSL only during login (not recommended), then use this code:
define(‘FORCE_SSL_LOGIN’, true);
Here’s a detailed explanation:
FORCE_SSL_ADMIN: Use this when you want to secure logins and the admin area, both. This means your entire admin panel will use HTTPS.
FORCE_SSL_LOGIN: Use this when you want to secure logins area only. This will force only the login page to use HTTPS.
After doing this, save and upload your wp-config.php file. With this being done, you have successfully forced SSL encryption for your admin area. Now when you enter http://www.mysite.com, it will load the admin area of the same with https://www.mysite.com/wp-admin.
The process to force WordPress to use SSL for the administration area is complete. Now you should be surfing along a totally secured admin panel. Welcome to a more secured site.
Leave a Reply