SurlyJake Blog

Wordpress HTTPS Secure Login

| Comments

Back when I started with Wordpress, I had to create server rewrites to force my browser to use HTTPS. That changed back in 2008, but this is the first i’ve heard of it.

Wordpress 2.6 (released in July, 2008) and newer include the tools do do this out of the box! Using this documentation, you can get rid of some old .htaccess or nginx rewrite rules:  All you have to do is add the declaration in wp-config.php:

define('FORCE_SSL_ADMIN', true);

This forces logins and administrative sessions to use SSL.

Now, you can remove the old nginx rewrites. They aren’t needed anymore:

rewrite ^/wp-login.php(.*)$1 permanent;
rewrite ^/wp-admin(.*)$1 permanent;