Support » Everything else WordPress » security and https

  • I run several wordpress sites, at present delivered over http. I am concerned that these are fundamentally insecure and that they should be changed to https to improve security.

    Would be grateful for any comment on how important/useful this would be and on the level of potential risk of running wordpress over http.

    Also are there any technical issues in getting wordpress to run over https, eg any special plugins required? As I don’t have user registration, could I just have the wp-admin features secured and allow public pages to continue to be viewed over http?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Michael


    Whether you need an SSL certificate or not really depends on the type of site your maintaining. This article outlines it perfectly.

    If you ever want PCI compliance for any of those sites, you will HAVE to have an SSL certificate installed. As far as as getting it to run over HTTPS, you don’t need a plugin, just open your .htaccess file and force https on all pages:

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    Just remember to restart Apache when you are done 🙂

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘security and https’ is closed to new replies.