Cryptosmith

This is more of a reminder to myself – you can enable SSL on WordPress, but it’s essentially an undocumented feature. This afternoon all I could find was a forum posting on enabling SSL.

There doesn’t seem to be genuine documentation on it in the Codex, at least, not documentation that pops out when you do a search.

It’s actually not too hard to enable SSL. All you do is include one or both of the following lines in your “wp-config.php” file:

define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);

Once you have those bad boys defined and uploaded, SSL takes effect. The first one protects Admin stuff and the second one protects login. In fact, all they do is allow you to use SSL. They don’t really seem to “force” SSL use. I have some SSL enabled on Cryptosmith, but the blog seems to be perfectly happy to let people bypass SSL when logging in.

Actually, the first and most authoritative documentation on this is a blog post by Ryan Boren on SSL and revised cookie support in WordPress 2.6.

Posted under Security & WordPress | No Comments »