Home / Tips / Web and Server / Best way to access WP-ADMIN using SSL

Best way to access WP-ADMIN using SSL

To easily enable (and enforce) WordPress administration over SSL, there are two constants that you can define in your site’s wp-config.php file. It is not sufficient to define these constants in a plugin file; they must be defined in your wp-config.php file. You must also already have SSL configured on the server and a (virtual) host configured for the secure server before your site will work properly with these constants set to true.

Note: FORCE_SSL_LOGIN was deprecated in Version 4.0. Please use FORCE_SSL_ADMIN.

To Force SSL Logins and SSL Admin Access

The constant FORCE_SSL_ADMIN can be set to true in the wp-config.php file to force all logins and all admin sessions to happen over SSL.

Example

  define('FORCE_SSL_ADMIN', true);

Note: FORCE_SSL_ADMIN should be set before wp-settings.php is required.

Using a Reverse Proxy

If WordPress is hosted behind a reverse proxy that provides SSL, but is hosted itself without SSL, these options will initially send any requests into an infinite redirect loop. To avoid this, you may configure WordPress to recognize the HTTP_X_FORWARDED_PROTO header (assuming you have properly configured the reverse proxy to set that header).

Example

define('FORCE_SSL_ADMIN', true);
// in some setups HTTP_X_FORWARDED_PROTO might contain 
// a comma-separated list e.g. http,https
// so check for https existence
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
       $_SERVER['HTTPS']='on';

Source :

WordPress

Like
Like Love Haha Wow Sad Angry

Check Also

openvz,kvm,xen

The differences and the advantages of OpenVZ, Xen, and KVM

Hi Netlyer?! Ever wondering This overview is intended to be just that, this is just …

Come on join the discussion

You can contribute by commenting

Notify of
avatar
wpDiscuz