Secure all WordPress logins with HTTPS even if you don’t have your own SSL certificate

If you’re unable to install an SSL certificate on your web server or are just too cheap to buy your own ($10+ per year per website), you can still force all WordPress logins to use the secure HTTPS protocol.

Note: If you already have your own SSL certificate installed, all you need to do is use the FORCE_SSL_LOGIN wp-config.php constant. You don’t need this plugin.

How to setup the Https-SSL-free plugin

  1. Install and activate the Https-SSL-free plugin.
  2. Upon plugin activation, it will change your WordPress Site URL setting from to and log you out.
  3. Your link will now redirect to, but your front-end Site Address URL will remain unchanged as
  4. Type in your website links and you’ll be directed to the HTTPS version when needed.
  5. Upon plugin deactivation, the WordPress Site URL is restored to
The Https-SSL-free plugin’s header image

How the Https-SSL-free plugin works

The domain belongs to an Argentinean web hosting company. The domain has a wildcard SSL certificate (typically a few hundred dollars per year), which is how your redirected URLs are able to use its SSL certificate at no additional cost.

The Https-SSL-free plugin is from the Medius Project.

Medius is a not for profit organization open source platform based on 5 pillars:

  • Contribution
  • Privacy
  • Trust
  • Security
  • Education

If you’re looking for a free, secure login option, trust the company behind, and trust its SSL certificate issuer (which is GoDaddy), the Https-SSL-free plugin could be your newest “install on every site that doesn’t have its own SSL certificate” plugin.

For added security, you may want to combine this secure login method with forcing all users to change their password once every password every 30 days.