Posted 7 years ago #
I've setup a SSL certificate for my WordPress site and am trying to encrypt my username and password as I login. I don't care if the entire admin area is encrypted.
When I goto https://mysite.com/wp-admin, my browser tells me that sending information is not safe. Is my login info encrypted or am I getting that browser message because the page info sent to me is only partially encrypted?
This codex article may help sort things out: http://codex.wordpress.org/Administration_Over_SSL
Posted 7 years ago #
I've read that and these other resources as well:
http://codex.wordpress.org/Talk:Administration_Over_SSL
http://www.invisibleinstitute.com/david-eads-blog/2005/06/wordpress-administration-over-ssl/
http://blog.blackdown.de/2006/01/22/securing-wordpress-2-admin-access-with-ssl/
http://weblogtoolscollection.com/pluginblog/category/announcements/
But all do more than I want since I don't care if the entire wp-admin dir is encrypted. I simply don't want my username and password to be unencrypted. If simply adding https:// does what I need, then I'm set!
Posted 7 years ago #
After additional research, my tentative conclusion is that having your host setup SSL on your server, and adding an (s) to http:// making it https:// will encrypt your user name and password as it is sent. It will not encrypt everything sent to you and does not encrypt pages subsequently accessed.
The best page to access and login is this URL substituting "mysite.com" with your site and "WordPressDirectory" with the location of your WordPress blog:
https://www.mysite.com/WordPressDirectory/wp-login.php
Going directly to this page to login eliminates the need to enter the "s" again after you are redirected from https://www.mysite.com/WordPressDirectory/wp-admin/index.php
Please correct me if I'm wrong, and I hope this someone else!
This topic has been closed to new replies.
