How to Secure WordPress Admin & Login With SSL Certificate?

WordPress, a popular and easy-to-use Content Management System, powers over 30% of internet websites and blogs. Despite its inherent security, WordPress sites frequently face cyberattacks such as man-in-the-middle (MITM) attacks mounted by hackers or malicious actors.
Hence, it is paramount to protect your WordPress sites and, most importantly, the WP admin area and login page. Securing the admin area and login page is crucial, as they are the main gateways through which site management and sensitive operations occur.
Even search giant Google has mandated SSL certificates to be installed on all websites, highlighting the significance of secure connections. But sometimes, even after installing the SSL cert, your website doesn't load over HTTPS, for any number of reasons.
Instead of HTTPS, website visitors see the HTTP version, which is the insecure one. In such situations, how can you be sure that your WP site, login page, or admin panel is secure even after installing an SSL cert?
How to Protect WordPress Login & Admin Panel With SSL?
To protect the WordPress login and admin panel with SSL, enabling the FORCE_SSL option is recommended. This setting ensures that the login form and admin panel are always loaded over a secure SSL connection using HTTPS.
Doing so adds an extra layer of security, protecting these critical areas of your WordPress site from unauthorized access and cyber threats.
How to Enable Force_SSL Option Within WP Site?
Follow the steps mentioned below to turn on the FORCE_SSL option within the WP site:
Step 1: Download and edit the wp-config.php file
Step 2: Set FORCE_SSL_LOGIN to true in the wp-config.php file.
Step 3: Enable the setting for WP admin by setting FORCE_SSL_ADMIN to true.
Step 4: Save and replace the wp-config.php file.
Let’s explore each step in-depth.
How to Download and Edit the wp-config.php File?
Follow the steps mentioned below to download and edit the wp-config.php file:
- Log in to your cPanel account (hosting account) by entering the credentials.
- In the cPanel, under the FILES section, locate and click on the File Manager option.
- The File Manager window will open.
- In the File Manager window, open the home directory.
- In the home directory, open or expand the public_html folder.
- From the list, select the wp-config.php file.
- Click the Download button placed at the top.
- Wait for the download to finish.
- Open the wp-config.php file in Notepad++ (or any other text editor).
- Change the settings for the FORCE_SSL option to true for both the login page and the admin panel.
How to Alter the FORCE_SSL_LOGIN Setting in the wp-config.php File to True?
Follow the steps mentioned below to alter the FORCE_SSL_LOGIN settings:
- Open the wp-config.php file.
- Add the line define( 'FORCE_SSL_LOGIN', true ); after the WP_DEBUG line in the file. Type the quotes as plain straight quotes.
Note: The FORCE_SSL_LOGIN setting is not included in the wp-config.php file by default. Hence, if you're configuring SSL for the first time, you will need to add this setting to the file manually.
How to Enable Setting for FORCE_SSL_ADMIN?
Follow the steps mentioned below to enable the FORCE_SSL_ADMIN setting:
- Open the wp-config.php file.
- Add the line define( 'FORCE_SSL_ADMIN', true ); after the define( 'FORCE_SSL_LOGIN', true ); line in the file.
How to Save and Replace the wp-config.php File?
Follow the steps mentioned below to save and replace the wp-config.php file:
- After adding the necessary lines, save your changes to the wp-config.php file.
- Log into cPanel and access your hosting account.
- Open the File Manager.
- In the public_html folder, delete the current wp-config.php file.
- Upload the recently edited wp-config.php file to the public_html folder.
Note: Before altering the wp-config.php file, back up your site. Doing so ensures that if anything goes wrong because of the modifications, you have a working version of your site that you can revert to.
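Before uploading the edited file, it helps to check that both settings will actually take effect. The following Python check is an added example, not part of the original article or of WordPress itself; audit_wp_config and SAMPLE are names made up for it. It assumes that WordPress reads these constants while loading wp-settings.php, so a define placed after that require line has no effect, and it flags typographic quotes picked up when a line is copied from a web page.

```python
import re

QUOTES = "'\"‘’“”"  # straight quotes plus typographic ones pasted from web pages
DEFINE_RE = re.compile(
    r"define\s*\(\s*(?P<q>[" + QUOTES + r"])(?P<name>FORCE_SSL_(?:ADMIN|LOGIN))"
    r"[" + QUOTES + r"]\s*,\s*(?P<value>[^)]*?)\s*\)\s*;")
SETTINGS_RE = re.compile(r"require(_once)?\b.*wp-settings\.php")

def audit_wp_config(text):
    """Return {constant: status} for FORCE_SSL_ADMIN and FORCE_SSL_LOGIN."""
    # Blank out /* ... */ comments, keeping newlines so lines stay aligned.
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group().count("\n"),
                  text, flags=re.S)
    status = {"FORCE_SSL_ADMIN": "missing", "FORCE_SSL_LOGIN": "missing"}
    loaded = False  # True once the wp-settings.php require has been passed
    for line in text.splitlines():
        for m in DEFINE_RE.finditer(line):
            before = line[:m.start()]
            if "//" in before or "#" in before:
                result = "commented out"
            elif m.group("q") not in "'\"":
                result = "curly quotes"  # the intended constant is never defined
            elif m.group("value").lower() != "true":
                result = "not true"
            elif loaded:
                result = "too late (after wp-settings.php)"
            else:
                result = "ok"
            if status[m.group("name")] != "ok":
                status[m.group("name")] = result
        if SETTINGS_RE.search(line):
            loaded = True
    return status

# Constructed sample: a wp-config.php fragment with three common mistakes.
SAMPLE = """<?php
define( 'DB_NAME', 'example_db' );
define( 'WP_DEBUG', false );
define( ‘FORCE_SSL_LOGIN’, true );
// define( 'FORCE_SSL_ADMIN', true );
/* That's all, stop editing! */
require_once ABSPATH . 'wp-settings.php';
define( 'FORCE_SSL_ADMIN', true );
"""

if __name__ == "__main__":
    for name, result in audit_wp_config(SAMPLE).items():
        print(f"{name}: {result}")
```

Any status other than "ok" means the login page or admin panel may still be served over HTTP after the upload.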
What is the wp-config.php File?
The wp-config.php file in WordPress is a critical configuration file. It contains important settings related to your website's database, including the database name, username, password, and host. It also holds unique authentication keys and salts for security.
Additionally, it can be used to define advanced options such as WordPress debug mode, the table prefix, and any number of other custom settings.
In lay terms, wp-config.php is the “Blueprint for how WordPress communicates with your database and manages essential aspects of your site.”
Conclusion
Securing your WordPress site, particularly the login and admin panels, with SSL is crucial. Enabling the FORCE_SSL option and making necessary edits to the wp-config.php file ensures that these critical areas are always accessed over a secure HTTPS connection.