Quick Steps to Protect Your WordPress Site’s Login & Admin Panel Using a Secure HTTPS Connection
WordPress is among the easiest CMS (Content Management System) to use. More than 30% of websites and blogs on the internet are made using WordPress.
WordPress is a secure CMS, but still, it often becomes the target of cyberattacks. Henceforth, such incidents of WordPress sites getting attacked proves that you shouldn’t take WordPress website security lightly. Likewise, it’s required to keep your WordPress Admin area and its Login page secure to avoid such cyber-attacks. And one such way is by enabling the FORCE_SSL option, so you can prevent yourself from getting exposed to cyberattacks like “Man-in-the-middle attacks.”
Hasn’t Google Made It Mandatory to Have an SSL/TLS Certificate?
Google has made it compulsory to have an SSL/TLS certificate installed. But sometimes, even after you install an SSL/TLS certificate, some issues arise, and your site doesn’t load on HTTPS. For example, if you haven’t forced the HTTP version website to load on a secure HTTPS connection, your site visitors may still see the HTTP version.
At least, you should force the Login and Admin panel to load over SSL. And, having the FORCE_SSL option enabled, the WordPress site will force your Login and Admin panel to load using SSL. And the URL of the Login form and Admin panel will always load using HTTPS://.
WordPress SSL Certificates
Protect your WordPress website in minutes with WordPress SSL Certificate. It includes 256 bit encryption, $10K-$50K warranties, daily WordPress scanner, site seal and more.
How to Enable & Use Force_SSL Option Within Your WordPress Website
Go through the below steps to enable the Force_SSL option:
Download & Edit wp-config.php File
Download the wp-config.php file from your website and open it using your favorite text editor, such as notepad.
Here’s the Steps to Download wp-config.php File
- Login into your hosting account. (cPanel account).
- Click File Manager under the FILES section.
- Once File Manager opens, go to the home directory, click and open the folder named public_html.
- On the right side, you’ll find the list of files. From that list of files, select the wp-config.php file and click the Download button from the above menu.
- After downloading the wp-config.php file, open it using any text editor (like Notepad++) and change settings for the FORCE_SSL option to true for both the Login page and Admin panel.
Change the Setting of FORCE_SSL_LOGIN in Your wp-config.php File to True for WordPress Login
By default, this FORCE_SSL_LOGIN setting is not specified within your WordPress wp-config.php file. Therefore, you’ll need to add it on your own if you’re doing it for the first time.
To enable this FORCE_SSL_LOGIN setting, add the below line of code into your wp-config.php file:
define( ‘FORCE_SSL_LOGIN’, true );
The best place to add is right after the line that sets WP_DEBUG, as shown in the screenshot.
Enable Setting for WordPress Admin by Enabling FORCE_SSL_ADMIN
As you did in the above step, do the same for enabling setting for FORCE_SSL_ADMIN.
Add the below code below the FORCE_SSL_LOGIN:
define( ‘FORCE_SSL_ADMIN’, true );
Save & Replace wp-config.php File
Once you complete editing the previously mentioned codes, save the wp-config.php file. Login in to your cPanel account, go back to the File Manager and delete the old wp-config.php file and replace it by uploading it into the public_html folder with the present wp-config.php file that you just edited.
Before editing the wp-config.php file, it’s recommended to take a backup of your website using a tool like CodeGuard Backup. Henceforth, if anything goes wrong and your website stops working or creates an issue, you have an old working version of your website ready.
What Is wp-config.php File?
Wp-config.php file is a configuration file that’s part of all the self-hosted WordPress websites. Unlike other WordPress files, it doesn’t come built-in with WordPress, but it’s generated explicitly for the website during the installation process.
WordPress stores information of your website database within the wp-config.php file. Therefore, if anything goes wrong with this wp-config.php file, or if the wp-config.php file doesn’t have your WordPress website information, your site will stop working and instead generate an error.
Having an SSL certificate is a must, but sometimes your website creates an issue and fails to load on HTTPS even after installing an SSL/TLS certificate. Therefore, it’s recommended that once you install an SSL certificate, you edit your wp-config.php file and change the settings by adding FORCE_SSL_LOGIN and FORCE_SSL_ADMIN code. Then your Login and Admin panel will load forcefully on a secure HTTPS connection.