WordPress.org

Ready to get started?Download WordPress

Forums

security and https (3 posts)

  1. newagespirit
    Member
    Posted 2 years ago #

    I run several wordpress sites, at present delivered over http. I am concerned that these are fundamentally insecure and that they should be changed to https to improve security.

    Would be grateful for any comment on how important/useful this would be and on the level of potential risk of running wordpress over http.

    Also are there any technical issues in getting wordpress to run over https, eg any special plugins required? As I don't have user registration, could I just have the wp-admin features secured and allow public pages to continue to be viewed over http?

  2. Michael
    Member
    Posted 2 years ago #

    Whether you need an SSL certificate or not really depends on the type of site your maintaining. This article outlines it perfectly.

  3. jessematic
    Member
    Posted 2 years ago #

    If you ever want PCI compliance for any of those sites, you will HAVE to have an SSL certificate installed. As far as as getting it to run over HTTPS, you don't need a plugin, just open your .htaccess file and force https on all pages:

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    Just remember to restart Apache when you are done :)

Topic Closed

This topic has been closed to new replies.

About this Topic