Secure WordPress Admin With Shared SSL And Without Any Plugin

June 4th, 2011 Leave a comment Go to comments

Long time back I wrote a blog post on securing your whole WordPress admin area without any plugin. But that was for private SSL. It is really a pain if you try to do it using Shared SSL certificate. So if you are trying to find a way to secure your WordPress login and admin using shared SSL, you have come to the right place. Unless you know the trick, it might take a long tiring search in Google to make that work :)
I will keep it simple. In your WordPress directory open wp-config.php and then add the below two lines:

define('WP_SITEURL', 'https://cp32.hostable.com/~USERNAME/BLOG_DIRECTORY');
define( 'WP_CONTENT_URL', 'http://www.waveofweb.com/wp-content');

First line will take your connection over https using your Shared SSL certificate when you log in to your admin area. Here https://cp32.hostable.com/~USERNAME is Shared SSL link. And if your WordPress directory is not in public_html folder, then you have to append the additional path.
That first line is suffice to secure your WordPress login and admin area using your shared SSL certificate. But you need to make sure that while loading images from wp-content or graphics from the themes folder, it should be loaded on an unencrypted connection when a user views your blog posts and pages. Encrypted elements load a bit slower, so you will want to serve the post elements over normal connection to the readers. So in WP_CONTENT_URL we have specified non-secured url location.
So if your hosting provider already provides a Shared SSL certificate, you can use it to secure your WordPress blog and save some bucks that you would have spent on buying a dedicated IP address and a private SSL certificate.

Related posts:

  1. SSL Secure WordPress Admin Without Any Plugin
  2. Don’t Forget to Change WordPress Comment Submit URL If You Are Using Shared SSL
  3. Solve “There was a problem opening a secure connection to Google.” Error
Categories: Wordpress Tags:
  1. gagan
    June 15th, 2011 at 03:49 | #1
    Reply | Quote

    Hello

    i tried to add lines in wp-config.php but still not working

    name wordpress folder showing at two places one in /public_html/wordpress & /www/wordpress

    i have hosting from hostable.com cp21.hostable.com can you please advise me how to add and where to add
    thanks

    • admin
      June 17th, 2011 at 23:12 | #2
      Reply | Quote

      Both /public_html/wordpress & /www/wordpress point to the same folder. www folder is normally just an alias for public_html folder. You can make the change in any of them & it will modify the same file.

  2. Chad Warner
    October 7th, 2011 at 06:50 | #3
    Reply | Quote

    This redirects my admin area to use Hostmonster’s shared SSL, but now my Visual Editor doesn’t work; it just shows plain HTML.

    • admin
      October 7th, 2011 at 16:12 | #4
      Reply | Quote

      Not sure what the issue is because I am using Hostable shared SSL to access my admin dashboard, and my visual editor just works fine.

  3. Scott
    November 13th, 2011 at 17:56 | #5
    Reply | Quote

    Hello there… I came across this article and was wonder if you could help me out…. I have a private ip and dedicated ssl….

    I am running a multi site WP with two different networks… I only want to force ssl on the one network because if you try both you get errors on the second because the ssl is only good for the one domain..

    I have figured out how to force ssl for login and admin to only one of the domains by using this

    if ( $_SERVER["HTTP_HOST"] == “yourdomain.comhere” ) {
    define(‘FORCE_SSL_ADMIN’, true);
    }

    But the problem is that I need all newly created blogs on the network in the first domain with the sll to get prefixed with https (by default the site url and home url get prefixed with http)

    I have to manually go in and change whenever someone creates a site..

    Adding this to the .htaccess works but it forces the second domain also which gives all kinds of errors when trying to access it….

    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

    Thanks Scott

  4. Scott
    November 15th, 2011 at 01:28 | #6
    Reply | Quote

    I have a private ssl cert on my first domain… I added a addon domain in cpanel and would like to secure the wp and login fo the second domain … I am guessing that this is not possible becausue i tried the above and it forward me to the home page to the first domain

    ? thanks Scott

    • admin
      November 16th, 2011 at 14:53 | #7
      Reply | Quote

      Nope Scott, it will not work. For this to work you need your hosting server on https as you are going to point WP_SITEURL to your blog directory in the hosting server. This is only for if you don’t have private SSL and your hosting server is on Shared SSL.
      And for your first question, I haven’t worked with muti site WP. So currently can’t help you with the configuration.

  1. No trackbacks yet.