Enable SSL Protection of the Admin Area in WordPress
Once SSL is enabled, the next step is to protect the admin area with SSL.
- First to https://<mapped-domain>/wp-login.php, then re-auth at
From user perspective, this is somewhat painful.
To solve the problem – use the Admin SSL plugin. It was developed before WordPress-MU was merged into WordPress, but it still works:
- Install the plugin via Plugin page, but do not activate
- Copy the directory admin-ssl-secure-admin from wp-content/plugins to wp-content/mu-plugins
- Copy admin-ssl.php from inside admin-ssl-secure-admin to wp-content/mu-plugins
- Go to Administration -> Super Admin -> Admin SSL
- Enable “Secure My Site with SSL”
- If you want to protect the whole admin area under SSL, put wp-admin/ into the URL List textarea
- Save the options
With this plugin – make sure you comment out the define(‘FORCE_SSL_ADMIN’, true) line in your wp-config.php. The plugin now only does a single login, but it points the login link at https://<top-site>/<sub-site>/wp-login.php, instead of the more desirable https://<mapped-domain>/wp-login.php, so more improvements can still be done.