WordPress Admin over SSL.. For Free!

So in my search for a way to secure WordPress I came across this article over at the WordPress Codex. On top of removing install.php and upgrade.php from the wp-admin directory, I wanted to secure the backend… and for free if possible. I remembered that cacert.org will generate legit FREE SSL certs. So I created an account with them, got my cert for “fauxzen.com”, logged into WHM and installed the cert for my domain. Once that was done, all that was left to do was redirect any http traffic that was trying to access wp-admin/ to load https instead. I was attempting to make use of the .htaccess file to do this but only ran into problems when attempting this. I enlisted the help of Google search and came across this plugin which, when enabled, redirects everything for you. After you enable it, just make sure that in the WordPress Admin you go to Options and change the “WordPress address (URI):” to make use of https in the address and NOT http. That should be it. So from now on when you load the wp-admin URL it should convert your address over to https instead. I have tested this on WordPress 2.0.2 and it works like a charm.

UPDATE

There seem to be some flaws to this method… stay posted.

5 thoughts on “WordPress Admin over SSL.. For Free!”

  1. Hey Alex,

    Thanks for the feedback on that. I actually went the route of getting one from Comodo… since, yeah, as you said they are valid but not trusted. …not to mention I forgot my login information on cacerts.

  2. In case you are still wondering (I see this is from 2006): cacerts gives free certificates, and you could even have made your own certificate, which is very easy. But the issue here is that cacerts is not recognized as a trusted CA (certificate authority).
    Typically, every browser is bundled with a list of CAs (e.g. Verisign, …), and cacerts is not in this list. So if the browser gets to your site, it will see a valid certificate from cacerts, but will prompt the user to check it since the certificate is signed by cacerts, which is not in its list of trusted CAs.

  3. Yes, I mean everything I did WILL work, but for some reason when normal visitors come to the site it prompts them with an “Accept this SSL Cert” message… that's not how it SHOULD work. I don't think the plugin works correctly with WordPress 2.0. I am currently working on creating a plugin that should redirect any http://domain/wp-admin/file into https://domain/wp-admin/file … I hope to have it available for download in a day or so.
