So in my search for a way to secure WordPress I came across this article over at the WordPress Codex. On top of removing install.php and upgrade.php from the wp-admin directory, I wanted to secure the backend… and for free if possible. I remembered that cacert.org will generate legit FREE SSL certs. So I created an account with them, got my cert for “fauxzen.com”, logged into WHM and installed the cert for my domain. Once that was done, all that was left to do was redirect any HTTP traffic that was trying to access wp-admin/ to load HTTPS instead. I was attempting to make use of the .htaccess file to do this but only ran into problems when attempting this. I enlisted the help of Google search and came across this plugin, which when enabled redirects everything for you. After you enable it, just make sure that in the WordPress Admin you go to Options and change the “WordPress address (URI):” to make use of https in the address and NOT http. That should be it. So from now on when you load the wp-admin URL it should convert your address over to https instead. I have tested this on WordPress 2.0.2 and it works like a charm.
There seem to be some flaws to this method… stay posted.