To ensure that logins and/or administration always happens over SSL there are 2 settings that can be set in wp-config.php.
To enforce logins over SSL add the following line-
With this setting only the login will be over SSL.
To enforce administration and logins over SSL add the following line-
This is the most secure option. It enforces both logins and administration to be over SSL.
Either setting must be placed before-
require_once(ABSPATH . ‘wp-settings.php’);
in the wp-config.php file.