You might have seen a few websites with a lock icon inside the URL bar. The lock icon implies that it’s an SSL secured website. In normal case, the login credentials are transferred in a text data from, which is pretty much open and viewable across the network nodes. SSL technology encrypts the data transferred between user computer and the main server. The text data is encrypted using a public key; for which the private decryption key is only available at the server side. Thus an SSL enabled website would prevent data theft at public, enterprise level networks and other unsecured platforms. Here in this article, we will explain a simple method to protect WordPress login and admin pages with SSL security.
The following image illustrate the flow of information through different network nodes.
So when SSL is not enabled, your password and user name is at risk in these locations.
There are two types of SSL certificates, private and shared. The free shared SSL uses the domain name of the web hosting provider-so that it would result in browser warnings. However, the private SSL is installed on users own domain name. Comodo, Thawte, Verisign, Trustico and many other companies offers private SSL certificates with latest encryption technology and browser support. The top-end shared hosting plans of certain providers include free private SSL facility. In all case, you will need to request the customer support of the web hosting company to install SSL on your domain.
Protect WordPress login and admin pages with SSL:
We can force SSL on WordPress by editing the wp-config.php file. However, the process its much simpler with a plugin called Admin SSL.
Just install Admin SSL plugin from the directory, select the option “Secure my site with SSL” and save the settings. This option can only be used with private SSL certificates. Others should get a shared SSL URL from the hosting company and fill it within the second box. The shared SSL is free on all web hosting plans from Hostgator.
Example for shared SSL URL in Hostgator: https://gator98.hostgator.com/~smartin
Here “smartin” is the cPanel user name and “gator98.hostgator.com” is the server address from welcome mail.
Admin SSL protects wp-login and wp-admin/profile.php pages of WordPress, where we enter login information. The Additional URLs settings in the plugin can be used to add other pages of the blog to this list.
Example Wordpess login page with SSL: www.smartin.in/wp-login.php