You have a few options when it comes to SSL. You can force WordPress to use SSL for logins only, or you can use SSL for all administration sessions.

With the SSL login option, your username and password will be handled in a secure transaction. All your other traffic, including the authorization cookies you receive from WordPress, will be sent in the clear.

With SSL-only admin sessions, your username, password, and all your authorization cookies will be encrypted. While this is obviously somewhat more secure, it is slower. For most situations, SSL logins should be sufficient. The login option allows users to choose whether to use SSL for the entire admin session or just for the login.

Listing 11-1 shows the two lines you may add to wp-config.php to enable SSL support. Choose just one of these!

Listing 11-1. SSL settings in wp-config.php

// https for all admin sessions:
define('FORCE_SSL_ADMIN', true);

// https required for login; optional for the rest of the admin session:
define('FORCE_SSL_LOGIN', true);
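Listing 11-1 asks you to choose exactly one of the two constants, and a define() that ends up on the same line after a // comment is never executed. The following check is an added example, not code from the book or from WordPress; it reports which SSL mode a wp-config.php actually enables. The function names and the sample inputs are assumptions constructed for illustration.

```python
import re

# Constants named in Listing 11-1.
SSL_CONSTANTS = ("FORCE_SSL_ADMIN", "FORCE_SSL_LOGIN")

# Match string literals first so comment markers inside quotes are kept,
# then the three PHP comment forms: /* ... */, // ... and # ...
_TOKEN = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")   # group 1: quoted string
      | /\*.*?\*/ | //[^\n]* | \#[^\n]*""",
    re.DOTALL | re.VERBOSE,
)
_DEFINE = re.compile(r"""define\s*\(\s*['"](\w+)['"]\s*,\s*([^)]*?)\s*\)""", re.I)


def strip_php_comments(source):
    """Remove comments, keeping string literals intact."""
    return _TOKEN.sub(lambda m: m.group(1) or " ", source)


def active_ssl_constants(source):
    """Return {name: enabled} for SSL constants defined outside comments."""
    found = {}
    for name, value in _DEFINE.findall(strip_php_comments(source)):
        if name in SSL_CONSTANTS:
            found[name] = value.strip().lower() in ("true", "1")
    return found


def ssl_mode(source):
    """Classify a wp-config.php as 'admin', 'login', 'both' or 'none'."""
    modes = {"FORCE_SSL_ADMIN": "admin", "FORCE_SSL_LOGIN": "login"}
    on = [n for n, enabled in active_ssl_constants(source).items() if enabled]
    if len(on) == 2:
        return "both"  # the listing says to choose just one
    return modes[on[0]] if on else "none"


# Constructed sample inputs (not taken from a real site).
COMMENTED_OUT = "<?php\n// https for all admin sessions: define('FORCE_SSL_ADMIN', true);\n"
ADMIN_ONLY = "<?php\n// https for all admin sessions:\ndefine('FORCE_SSL_ADMIN', true);\n"
BOTH = ADMIN_ONLY + "define('FORCE_SSL_LOGIN', true);\n"

if __name__ == "__main__":
    for label, text in (("same-line comment", COMMENTED_OUT),
                        ("admin only", ADMIN_ONLY), ("both set", BOTH)):
        print(label, "->", ssl_mode(text))
```

A result of "none" on a file that appears to contain a define() usually means the statement sits inside a comment; "both" means the two settings from the listing were added together.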

The Admin SSL plugin has always been a popular choice for managing SSL options, but as of this writing it has not been updated to work with version 2.9.

