Here’s a quick tip to force SSL (encrypted) logins to the WordPress admin pages. We use a few techniques, including this one, to ensure we don’t wake up one morning to find someone’s hacked any of our hosted WP sites…
Find and edit the wp-config.php file (usually in the root of your WP folder). Add the following lines:
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);
Restart your webserver and off you go. Just make sure you’ve got your SSL virtual hosts and a certificate set up first. We don’t tend to bother with properly signed certificates as self-signed ones do just fine for non-public facing sites.
There’s a few plugins available to do the same but we usually keep the number of plugins enabled to a minimum as they can slow down your server. Editing a bit of code’s not too hard is it??