Securing WordPress Pages with SSL

Security is one of the most important things when it comes to the online world. You are faced with threat of hackers whenever you’re online. Those people do their best to access your confidential information.  In WordPress terms, this confidential information is your administrator username and password. Once hackers get your log in details, they will be able to control your website and do whatever they want – take your site down, steal the info of your site members, and other worse case scenarios.

ssl certificateThere are plenty of ways you can secure WordPress, and another way you can make your site more secure is to enable WordPress SSL encryption for your log in session. This is extremely important since SSL encryption ensures that all of your data is encrypted before it is transmitted over the internet. This encrypted data is very difficult and next to impossible to be read by other users, especially hackers.

To get SSL security on your WordPress site, an SSL certificate is a must. If you don’t have one, you will need to get in touch with your web host to get one. If your hosting company doesn’t provide SSL certificate, you can buy SSL certificate from godaddy for $12.99/year.  Godaddy is the cheapest and most reliable option when it comes to SSL certification. Once you make the purchase, forward the details to your web host, and they can setup a SSL certificate on the server for you. Then, you can follow the steps below to get WordPress SSL security for your WordPress log in sessions.

  • The first thing you should do is to open your site directory through cPanel File Manager or the FTP.
  • Once you are at the files directory of your WordPress site, you should edit wp-config.phpfile.
  • Once you open this file, append the code below and then save the file. Actually, you can paste this code anywhere; there’s no specific place in the code where you need to insert it.

/* Enable SSL Encryption */

define(‘FORCE_SSL_LOGIN’, true);

define(‘FORCE_SSL_ADMIN’, true);

  • Once you’ve copied, pasted, and saved the code, your WordPress site admin area will load with SSL encryption. For instance, if your website domain is http://www.mysite.com, it will load the admin area as https://www.mysite.com/wp-admin.

Using WordPress SSL encryption for your site is really to your advantage. Doing the steps above will allow WordPress to use SSL encryption for the admin area. You can also setup SSL encryption for the other pages in your blog.

Setup SSL on your WordPress blog

If you sell goods or service, or have donation button, you definetely need to use SSL certificate in order not to get into trouble. Implementing SSL certificate on WordPress is very easy thanks to WordPress HTTPS plugin. Once your hosting provider sets up SSL certificate for your domain, you can use the following instructions to enable SSL on your wordpress blog:

  • Install and activate WordPress HTTPS plugin.
  • Go to HTTPS menu from WordPress admin console.
  • Enter your domain name as SSL Host
  • Check the box for “Force SSL Excusively”. If you want to enable SSL for the whole website, you don’t need to check this box. However, there is no need to enable SSL for whole website. It is better to keep few pages served via https and check the box.

https plugin settings

  • Edit the page or post your want to enable encryption. You will see HTTPS box appear on the right pane. Click on Secure Post so that this page or post will be accessible via https from now on.