Showing results for 
Show  only  | Search instead for 
Did you mean: 

SSL for authoring

GoDaddy was great in helping me get my SSL certificate and installing it on my site.  The important step in enabling this in WordPress is to cause WordPress to use SSL for administration functions, and especially when logging in.  This is needed now that sites that do not do this are being labelled as insecure sites.  I was warned about this in my WordPress Admin software, but they (and the documentation they pointed me to) did not mention the crucial detail below.


The missing step in the WordPress documentation (they have a single page devoted exclusively to this issue) is that you must edit your config file (wp_config.php)

to include this line:

/** Force all logins and admin sessions to be over SSL */
define('FORCE_SSL_ADMIN', true);


before anything is executed.


To find where this file is, and to see what other similar files exist, do a backup of all of the files, and unzip them onto a local disk.  This lets you see what you have right now, and even play with it a little without fear of mucking anything up.

The WordPress management software is so good you rarely have to drop down to this level of the system.  In order to force use of SSL when it is needed, but without forcing users of your blog to use SSL, this is what needs to be done.

Once you look at these files, you can dive into the WordPress documentation to answer questions about what some of these files do.  Most of the time, the changes you need to make to these files can be done through the WordPress admin software, though, so you don't need to know too much about these files unless you are really getting deep into augmenting your template or adding other software.



In my opinion, you'd be better off running SSL in both admin and public pages. You can update to this by editing the urls in Settings/General Settings.