#WordPress Security Tip – Enforce SSL for Login & Administration

To ensure that logins and/or administration always happens over SSL there are 2 settings that can be set in wp-config.php.

To enforce logins over SSL add the following line-

define(‘FORCE_SSL_LOGIN’, true);

With this setting only the login will be over SSL.

To enforce administration and logins over SSL add the following line-

define(‘FORCE_SSL_ADMIN’, true);

This is the most secure option. It enforces both logins and administration to be over SSL.

Either setting must be placed before-

require_once(ABSPATH . ‘wp-settings.php’);

in the wp-config.php file.

