Admin... by accident!

You may have chosen to be an admin. I didn't!

WordPress administration over SSL

by

If you are a WordPress user or prettend to become one and you have some IT administration knowledge this guide is of your interest. Many hostings already provide easy point and click solutions to administer WordPress over SSL. However you may be self hosting WordPress or you’re just a curious person.

What is TLS? TLS stands for Transport Layer Security. One implementation is OpenSSL. OpenSSL is a software library (a program) used to secure communications between computers. It accomplishes its goal with the help of crytography. Say you have followed my guides in order to get a functioning FAMP server, you have enabled SSL on Apache, installed WordPress securely and the only missing step is defaulting to an https connection any time you log in to your WordPress. Remember to also have short look to my minimal guide on how to secure a FreeBSD server.

If you find the articles in Adminbyaccident.com useful to you, please consider making a donation.

Use this link to get $200 credit at DigitalOcean and support Adminbyaccident.com costs.

Get $100 credit for free at Vultr using this link and support Adminbyaccident.com costs.

Mind Vultr supports FreeBSD on their VPS offer.

WordPress themselves have a very good guide on how to accomplish this. But I recommend the following steps. However if you feel more inclined to follow other steps, you’re more than welcome to do so! This said modern browsers do tend to redirect you to https anytime you log in to your WordPress. Nevertheless the following step should be mandatory since attackers may be using old browsers or bots with old user agents settings to fool your Apache server.

So in order to get WordPress administration over SSL one easy step is edit your wp-config.php file and add the following lines:

define('FORCE_SSL_LOGIN', true);

define('FORCE_SSL_ADMIN', true);

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')

$_SERVER['HTTPS']='on';

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)

$_SERVER['HTTPS']='on';

You may prefer another method but if that is the case I am more than sure you already know quite a lot about WordPress administration and servers in general.