How to secure your WordPress blog by setting up SSL

The latest (from version 2.6) version of WordPress has support for making the admin section of your WordPress site use SSL or Secure Sockets Layer. This means that you’d be able to encrypt your admin pages if you want to.

Encrypting the admin pages provides more security for your WordPress site. In order to enforce SSL in your admin pages you need to do things a couple of things.

Step 1. Install an SSL certificate on your web site. Note that in order for SSL security to work you will need to have a dedicated IP address for your WordPress site. You should ask your hosting provider on how you can get a dedicated IP address and how to install an SSL certificate.

Step 2. Once you’ve got SSL working for your WordPress site, you will need to modify your wp-config.php file. You need to include the following:

define(‘AUTH_KEY’, ‘the auth key’);
define(‘SECURE_AUTH_KEY’, ‘the secure auth key’);
define(‘LOGGED_IN_KEY’, ‘the logged in key’);

You need to get your personal the three lines of code above from http://api.wordpress.org/secret-key/1.1/ and insert it into your wp-config file.

The other two lines of code you need to insert in your wp-config.php file are:

define(‘FORCE_SSL_ADMIN’, true); // put this if you want your whole admin site to use SSL
define(‘FORCE_SSL_LOGIN’, true); // put this if you want just the login page to use SSL

FORCE_SSL_ADMIN would be the best security but a lot of plugins hasn’t cope up with the required changes to fully support SSL in their plugins. You can check if the plugins you use support SSL by the warnings that your web browser will give you once you enable it and login to your admin page.

FORCE_SSL_LOGIN only encrypts the login page so that your login password will be encrypted.

Once you’ve included those lines of code, you’re now ready to use SSL on your WordPress blog.