Admin... by accident!

You may have chosen to be an admin. I didn't!

WordPress administration over SSL

by

If you are a WordPress user or prettend to become one and you have some IT administration knowledge this guide is of your interest. Many hostings already provide easy point and click solutions to administer WordPress over SSL. However you may be self hosting WordPress or you’re just a curious person.

What is TLS? TLS stands for Transport Layer Security. One implementation is OpenSSL. OpenSSL is a software library (a program) used to secure communications between computers. It accomplishes its goal with the help of crytography. Say you have followed my guides in order to get a functioning FAMP server, you have enabled SSL on Apache, installed WordPress securely and the only missing step is defaulting to an https connection any time you log in to your WordPress. Remember to also have short look to my minimal guide on how to secure a FreeBSD server.

If you find the articles in Adminbyaccident.com useful to you, please consider making a donation.

WordPress themselves have a very good guide on how to accomplish this. But I recommend the following steps. However if you feel more inclined to follow other steps, you’re more than welcome to do so! This said modern browsers do tend to redirect you to https anytime you log in to your WordPress. Nevertheless the following step should be mandatory since attackers may be using old browsers or bots with old user agents settings to fool your Apache server.

So in order to get WordPress administration over SSL one easy step is edit your wp-config.php file and add the following lines:

define('FORCE_SSL_LOGIN', true);

define('FORCE_SSL_ADMIN', true);

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')

$_SERVER['HTTPS']='on';

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)

$_SERVER['HTTPS']='on';

You may prefer another method but if that is the case I am more than sure you already know quite a lot about WordPress administration and servers in general.

This same setup can be built in DigitalOcean. Use this link to get 100 $ credit at DOcean and support Adminbyaccident.com hosting costs.