Thanks for your speedy reply! I put these two lines in my wp-config.php file:
When I go to login, it still uses plain old HTTP. When I access my admin panel, it again uses plain old HTTP. It never tries to redirect to anything. In fact, none of the SSL/HTTPS plugins I've tried seem to work with shared SSL.
I checked the Shared SSL box in your plugin and entered the secure URL. For InMotion Hosting, it has the form:
where NN is the server number and USERNAME identifies the account.
Since I posted my question, I've done a lot of shopping around for SSL certificates. Comodo sells SSL certificates with 1024-bit public keys and 256-bit session keys for only $10/year. A cryptography expert I know confirms that 1024-bit RSA can still be considered secure for a few more years, despite the recent hype to the contrary. (Tampering with the power supply to induce and exploit hardware faults can hardly be considered a realistic scenario in any good commercial data center.)
At $10/year, anyone can afford to get a dedicated SSL certificate. A secure URL based on the domain name looks more professional, and that inspires confidence in customers. I think it's well worth the money!