WordPress Security Tips – Force SSL Login

WordPress Security Tip #1

Secure WordPress Admin Login

The first WordPress Security tip that I have is to immediately edit your wp-config.php and force SSL login for administering your WordPress Website. The code below will stop sending your password in plaintext over the internet. WOW! Can you imagine logging into your website at a cafe’ only to find out that Joe Hacker stole your WordPress blog password?

Copy & paste the following into your /public_html or /docroot/wp-config.php define('FORCE_SSL_ADMIN', true);

WordPress Security Tip #2

Secure WordPress User Login

The second WordPress Security tip involves forcing SSL encryption when your blog users login to your website to make comments and interact with your site. Again, you want to protect their user experience. No one enjoys being hacked and their website defaced with spammy content! Copy & paste the following code snippet just beneath the first tip
define('FORCE_SSL_LOGIN', true);

WordPress Security Tip #3

HTTP Strict Transport Security for WordPress

After you’ve completed that step, I will suggest you read HTTP Strict Transport Security for WordPress which I wrote about earlier last month. It will further enhance WordPress security by keeping your website in SSL mode. It does not modify your WordPress website. Please have your webmaster edit either your php.ini or htaccess. Not sure how to do this? Share my post and ask me on Google Plus!

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.