WordPress Administration Over SSL

Do you frequently log in to your WordPress install over public WiFi networks? While it may seem like paranoia to some people, it’s really not a good idea to log into important sites over an unencrypted connection. There’s always a possibility that someone could be packet sniffing. If you run a high-profile blog, you might want to consider acquiring an SSL certificate. (A certificate is a sort of public key used to establish an encrypted connection.) With a certificate, you can log into WordPress over an HTTPS connection. This encrypts traffic between you and your server, so that someone sniffing packets on the café’s network cannot read your password while you work.

It’s a bit of a pain to set up SSL, but many web hosts will do it for you. WPWebHost, for instance, will configure SSL for you if you get a certificate. Certificates run around $89/year (I know, what a racket…) from most certificate authorities, and some hosts will charge a small set-up fee. VPS.net, on the other hand, has a deal with Comodo where you can get a free SSL certificate as long as you are hosted by them. You have to set everything up on your own, though.

What do you do once you have a security certificate? There’s a Codex article on the subject. There are a couple of WordPress constants in wp-config.php that you can toggle on to force everything in the /wp-admin directory to be served over HTTPS, the login page most importantly.
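A quick way to confirm the setting described above is actually in effect, as an added example that is not from the original post or the Codex: the script checks that a wp-config.php sets WordPress's `FORCE_SSL_ADMIN` constant to true, and that it does so before `wp-settings.php` is loaded. The constant name comes from WordPress itself rather than this post; the function name `check_force_ssl` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a wp-config.php file.
# Exit status: 0 = admin forced over HTTPS, 1 = not enabled, 2 = enabled too late.
check_force_ssl() {
    # Normalise quote style first so one pattern covers 'X' and "X".
    tr "'" '"' < "$1" | awk '
        # Ignore whole-line comments so a commented-out define does not count.
        /^[ \t]*(\/\/|#|\/\*|\*)/ { next }
        /define\([ \t]*"FORCE_SSL_ADMIN"[ \t]*,[ \t]*[Tt][Rr][Uu][Ee][ \t]*\)/ {
            if (loaded) late = 1; else ok = 1
        }
        # WordPress fixes the constant while loading wp-settings.php,
        # so a define after this line has no effect.
        /wp-settings\.php/ { loaded = 1 }
        END {
            if (ok)   { print "OK: FORCE_SSL_ADMIN is true"; exit 0 }
            if (late) { print "FAIL: defined after wp-settings.php"; exit 2 }
            print "FAIL: FORCE_SSL_ADMIN is not set to true"; exit 1
        }'
}

# Constructed sample files (not real site configs).
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.php" <<'EOF'
<?php
define( 'DB_NAME', 'example' );
define( 'FORCE_SSL_ADMIN', true );
require_once ABSPATH . 'wp-settings.php';
EOF
cat > "$demo_dir/late.php" <<'EOF'
<?php
define( 'DB_NAME', 'example' );
require_once ABSPATH . 'wp-settings.php';
define( "FORCE_SSL_ADMIN", TRUE );
EOF
cat > "$demo_dir/off.php" <<'EOF'
<?php
// define( 'FORCE_SSL_ADMIN', true );
define( 'FORCE_SSL_ADMIN', false );
require_once ABSPATH . 'wp-settings.php';
EOF
for f in good late off; do
    printf '%s.php: ' "$f"
    check_force_ssl "$demo_dir/$f.php" || true
done
```

Run against a real install, the only argument needed is the path to its wp-config.php.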

You probably won’t ever have to worry about this, unless you run a very large blog or you like to work from a coffee shop across the street from a computer security convention. WordPress.com users are lucky; they can just go to https://wordpress.com/wp-login.php to log in securely.

  • Steve Robillard

    If you don’t get an SSL cert with your hosting, you can get one significantly cheaper here: https://www.cheapssls.com.

  • http://www.freelancewatercooler.com Freelance Water Cooler

    Wow, I never thought of that. I’m always keeping website security in mind, especially when it comes to my credit card information, but I never think about my WordPress logins. I run a few different sites and blogs, most of which are designed using WordPress, because I LOVE WordPress. (And one day I hope to be running a large blog or two…) It’s a great point, and something I will have to keep in mind. Thanks for this post!