WordPress.org

Support

Support » Miscellaneous » security and https

security and https

  • newagespirit
    Member

    @newagespirit

    I run several wordpress sites, at present delivered over http. I am concerned that these are fundamentally insecure and that they should be changed to https to improve security.

    Would be grateful for any comment on how important/useful this would be and on the level of potential risk of running wordpress over http.

    Also are there any technical issues in getting wordpress to run over https, eg any special plugins required? As I don’t have user registration, could I just have the wp-admin features secured and allow public pages to continue to be viewed over http?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Michael
    Member

    @southstationmedia

    Whether you need an SSL certificate or not really depends on the type of site your maintaining. This article outlines it perfectly.

    jessematic
    Member

    @jessematic

    If you ever want PCI compliance for any of those sites, you will HAVE to have an SSL certificate installed. As far as as getting it to run over HTTPS, you don’t need a plugin, just open your .htaccess file and force https on all pages:

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    Just remember to restart Apache when you are done 🙂

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘security and https’ is closed to new replies.