Support » Fixing WordPress » SSL-secured blog. How to setup. What problems to expect?

  • I have a private blog, that is not intended for the general public. Only logged-in users (that’s me) can read the blog.

    Next I intend to apply QuickSSL.

    The WHOLE site, including frontend, backend, widgets, themes, uploads… all of it should work with https…

    – How to change http->https?
    – What will break?
    – Cautions, advice?


Viewing 4 replies - 1 through 4 (of 4 total)
  • Oh, great, but how do I secure the frontend?

    I don’t want to secure just admin. I want to secure the content itself.
    I want: FORCE_SSL_FRONTEND=true

    – put the site in private_html (directadmin host) [is this needed?]
    – alter the path (public_html -> private_html)
    – make an url rewrite rule http->https:

    RewriteCond %{SERVER_PORT} !^80$
    RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [L]

    Then all https traffic would have the URLs rewritten to https and secure connection would be maintained during ALL use of the site?

    I’m just wondering what I have forgotten here.

    Ah, didnt read it to the end:

    “Force SSL Plugin

    This plugin forces an SSL connection, both on the front-end and the admin back-end interface. In addition to using this plugin, you should change the WordPress and Blog address URIs to begin with “https”. You might also want to change the URI in the Options -> Misc admin area so that file uploads will generate the “https” link for uploaded images”


    “This method does not […] protect you against man-in-the-middle attacks or other risks that can cripple secure connections.”

    I thought that SSL connections are safe against man in the middle attacks, because the certificate is bound to the server ip…

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘SSL-secured blog. How to setup. What problems to expect?’ is closed to new replies.