Secure all WordPress logins with HTTPS even if you don’t have your own SSL certificate

If you’re unable to install an SSL certificate on your web server or are just too cheap to buy your own ($10+ per year per website), you can still force all WordPress logins to use the secure HTTPS protocol.

Note: If you already have your own SSL certificate installed, all you need to do is use the FORCE_SSL_LOGIN wp-config.php constant. You don’t need this plugin.

How to setup the Https-SSL-free plugin

  1. Install and activate the Https-SSL-free plugin.
  2. Upon plugin activation, it will change your WordPress Site URL setting from to and log you out.
  3. Your link will now redirect to, but your front-end Site Address URL will remain unchanged as
  4. Type in your website links and you’ll be directed to the HTTPS version when needed.
  5. Upon plugin deactivation, the WordPress Site URL is restored to

Featured Plugin - WordPress Ecommerce Shopping Cart Plugin

Out of all the WordPress ecommerce plugins available, MarketPress has got to be the winner - easy to configure, powerful functionality, multiple gateways and more. A simply brilliant plugin!
Find out more
The Https-SSL-free plugin’s header image

How the Https-SSL-free plugin works

The domain belongs to an Argentinean web hosting company. The domain has a wildcard SSL certificate (typically a few hundred dollars per year), which is how your redirected URLs are able to use its SSL certificate at no additional cost.

The Https-SSL-free plugin is from the Medius Project.

Medius is a not for profit organization open source platform based on 5 pillars:

  • Contribution
  • Privacy
  • Trust
  • Security
  • Education

Featured Plugin - WordPress Membership Site Plugin

If you're thinking about starting a paid, or just private, membership site then this is truly the plugin you've been looking for. Easy to use, massively configurable and ready to go out of the box!
Find out more

If you’re looking for a free, secure login option, trust the company behind, and trust its SSL certificate issuer (which is GoDaddy), the Https-SSL-free plugin could be your newest “install on every site that doesn’t have its own SSL certificate” plugin.

For added security, you may want to combine this secure login method with forcing all users to change their password once every password every 30 days.


Comments (2)