I have set up WordPress on a site which has a server-side SSL certificate. It would seem like a good idea to have the login/password entry protected by SSL encryption.
I tried using the "Force SSL" plugin and it works as advertised... But it enforces SSL for all pages not just the login or admin pages.
Since it is my understanding that the search engines ignore https pages, having the entire blog use SSL encryption all the time does not seem desirable.
Can anyone suggest a way of enforcing SSL/https connection for login (and perhaps) for the admin-related pages which **would not** also require https for the public viewing of the blog entries.?
I thought of using mod_rewrite (in .htaccess) to change all calls to http://www.mywebsite.com/blogdir/wp-admin to the https equivalent and then put a requireSSL in the .htaccess file for the wp-admin directory. I suspect that is naive but perhaps someone can suggest a workable approach.