Skip to:

How do you manage your site’s SSL security?

  • Roberto BS


    I’d like to ask for your recommendations regarding the security of a Buddypress site. This is my current dilemma.

    I have a shared ssl certificate.
    I know that you can secure the login and admin portions of the site by editing wp-config.php. However, by using the login widget in the sidebar, the end user does not receive any feedback or visual clue that https is being used to process the login (The url in the browser does not change to https etc.) Is there anything that can be done about this?

    Also, it seems that the profile configuration page where you can change your password is not secured by default. Is there any way to specify the use of https for certain portions of the site?

Viewing 1 replies (of 1 total)

  • Boone Gorges


    If you have a relatively short list of specific URLs that you would like to run over SSL, you should be able to write redirect rules in your .htaccess file.

    I was going to give you a sample of how to do that but I realized that I generally suck at rewriterules. Maybe someone else can jump in with some help writing the wildcard rule.

    The login widget is trickier because it appears on every page; unless you want the whole site run under https, it’ll be hard to make it visible to the user.

Viewing 1 replies (of 1 total)
  • The topic ‘How do you manage your site’s SSL security?’ is closed to new replies.
Skip to toolbar