WordPress.org

Ready to get started?Download WordPress

Forums

SSL-secured blog. How to setup. What problems to expect? (5 posts)

  1. LostInNetwork
    Member
    Posted 4 years ago #

    I have a private blog, that is not intended for the general public. Only logged-in users (that's me) can read the blog.

    Next I intend to apply QuickSSL.

    The WHOLE site, including frontend, backend, widgets, themes, uploads... all of it should work with https...

    - How to change http->https?
    - What will break?
    - Cautions, advice?

    Thanks.

  2. Samuel B
    moderator
    Posted 4 years ago #

  3. LostInNetwork
    Member
    Posted 4 years ago #

    Oh, great, but how do I secure the frontend?

    I don't want to secure just admin. I want to secure the content itself.
    I want: FORCE_SSL_FRONTEND=true

  4. LostInNetwork
    Member
    Posted 4 years ago #

    - put the site in private_html (directadmin host) [is this needed?]
    - alter the path (public_html -> private_html)
    - make an url rewrite rule http->https:

    RewriteCond %{SERVER_PORT} !^80$
    RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [L]

    Then all https traffic would have the URLs rewritten to https and secure connection would be maintained during ALL use of the site?

    I'm just wondering what I have forgotten here.

  5. LostInNetwork
    Member
    Posted 4 years ago #

    Ah, didnt read it to the end:

    "Force SSL Plugin

    This plugin forces an SSL connection, both on the front-end and the admin back-end interface. In addition to using this plugin, you should change the WordPress and Blog address URIs to begin with "https". You might also want to change the URI in the Options -> Misc admin area so that file uploads will generate the "https" link for uploaded images"

    However...

    "This method does not [...] protect you against man-in-the-middle attacks or other risks that can cripple secure connections."

    I thought that SSL connections are safe against man in the middle attacks, because the certificate is bound to the server ip...

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags