6

We have a site which is HTTP, but it has an admin part. How can we secure the admin part with HTTPS?

For example, WordPress (which I know) is located at http://foo.com, but we want to have https://foo.com/wp-admin/

How to do this?

Simon Hayter
John Thomas

2 Answers

5

A generic non-application way to force an entire directory and its subdirectories to use SSL can be achieved with Apache:

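# mod_rewrite needs symlink following enabled in .htaccess context
Options +FollowSymlinks
RewriteEngine On
# Match only requests that arrived over plain HTTP
RewriteCond %{HTTPS} off
# Redirect to the same host and URI over HTTPS, then stop processing rules
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]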

Simply put that in the .htaccess file of the directory you wish to secure. If you put it in your root directory it will force your whole site to be secure.

Simon Hayter
John Conde
  • Just looking at this old question (recently updated). This method is only part of the story (as described here). Ultimately, it's only as secure as the user verifies it is. – Bruno Apr 13 '12 at 00:41
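To confirm that the Apache redirect from the first answer really covers the admin directory, the following added example (not part of the original answers) checks the response to a plain-HTTP request: it must be a redirect to https on the same host with the path and query preserved. The function names and the sample responses are constructed for illustration; foo.com is the hostname from the question.

```python
import http.client
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def check_redirect(request_uri, status, location, host):
    """Return problems found in the response to a plain-HTTP request."""
    if status not in REDIRECTS:
        return [f"{request_uri}: answered over HTTP with status {status}"]
    target = urlsplit(location or "")
    wanted = urlsplit(request_uri)
    problems = []
    if target.scheme != "https":
        problems.append(f"{request_uri}: redirect target is not https ({location})")
    if (target.hostname or "") != host.lower():
        problems.append(f"{request_uri}: redirect leaves host {host} ({location})")
    if (target.path, target.query) != (wanted.path, wanted.query):
        problems.append(f"{request_uri}: path or query not preserved ({location})")
    return problems

def fetch(host, request_uri, port=80, timeout=5):
    """Send one plain-HTTP GET; http.client does not follow redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", request_uri)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

# Constructed sample responses (not captured from a real server).
SAMPLES = [
    ("/wp-admin/", 302, "https://foo.com/wp-admin/"),
    ("/wp-admin/users.php?page=2", 301, "https://foo.com/wp-admin/users.php?page=2"),
    ("/wp-admin/options.php", 200, None),             # rule not applied here
    ("/wp-admin/", 302, "http://foo.com/wp-admin/"),  # redirects, but stays on HTTP
]

def audit(samples, host="foo.com"):
    """Collect every problem across a list of (uri, status, location) tuples."""
    return [p for uri, status, loc in samples
            for p in check_redirect(uri, status, loc, host)]

if __name__ == "__main__":
    for line in audit(SAMPLES):
        print("FAIL", line)
    # Live check on your own server: check_redirect(uri, *fetch(host, uri), host)
```
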
3

I'll assume you already have an SSL certificate, and have Apache (or $HTTPD) configured properly to work with SSL requests. If this is a bad assumption, let me know.

Otherwise, the quickest way to wrangle WordPress into forcing SSL for logins/admin pages would be the Admin SSL WP Plugin. Install it, activate it, et voilà.

VxJasonxV