security and https | WordPress.org

newagespirit
(@newagespirit)

12 years ago

I run several wordpress sites, at present delivered over http. I am concerned that these are fundamentally insecure and that they should be changed to https to improve security.

Would be grateful for any comment on how important/useful this would be and on the level of potential risk of running wordpress over http.

Also are there any technical issues in getting wordpress to run over https, eg any special plugins required? As I don’t have user registration, could I just have the wp-admin features secured and allow public pages to continue to be viewed over http?

Viewing 2 replies - 1 through 2 (of 2 total)

Michael
(@southstationmedia)

12 years ago

Whether you need an SSL certificate or not really depends on the type of site your maintaining. This article outlines it perfectly.
jessematic
(@jessematic)

12 years ago
If you ever want PCI compliance for any of those sites, you will HAVE to have an SSL certificate installed. As far as as getting it to run over HTTPS, you don’t need a plugin, just open your .htaccess file and force https on all pages:
```
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
```
Just remember to restart Apache when you are done 🙂

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘security and https’ is closed to new replies.

Tags

HTTPS

In: Everything else WordPress
2 replies
3 participants
Last reply from: jessematic
Last activity: 12 years ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics