I'm an IT consultant, web host, and part-time developer. I've worked with Apache for years. I figured that setting up my own revamped site to use a mix of secure and unsecure pages would be a snap. After all, it's just a few lines of url rewrites in .htaccess or in httpd-vhosts.conf, right?
WordPress fights this tooth and nail. I resisted installing a plugin for this, as it just seemed so dang simple. After several hours (no kidding) of seemingly endless frustration, I installed WordPress HTTPS and within minutes, I had the sensitive parts of my site forced to SSL.
It would have been great if the developers of WP-Client included this functionality in their Pro version, but they did not. In fact, they don't even mention it (and they should). Adding a simple url filter ("/portal/") forced all of my client portal pages to SSL. Checking the box to force SSL administration handled the back end, and finally, checking the box to force my contact page to SSL even set that for me, while leaving the public portions of the site outside SSL and more responsive to visitors.