Secure all WordPress logins with HTTPS even if you don’t have your own SSL certificate

If you’re unable to install an SSL certificate on your web server or are just too cheap to buy your own ($10+ per year per website), you can still force all WordPress logins to use the secure HTTPS protocol.

Note: If you already have your own SSL certificate installed, all you need to do is use the FORCE_SSL_LOGIN wp-config.php constant. You don’t need this plugin.

How to setup the Https-SSL-free plugin

  1. Install and activate the Https-SSL-free plugin.
  2. Upon plugin activation, it will change your WordPress Site URL setting from http://example.com to https://example_com.1.com.ar and log you out.
  3. Your http://example.com/wp-admin link will now redirect to https://example_com.1.com.ar/wp-admin, but your front-end Site Address URL will remain unchanged as http://example.com.
  4. Type in your website links and you’ll be directed to the HTTPS version when needed.
  5. Upon plugin deactivation, the WordPress Site URL is restored to http://example.com.

Featured Plugin - WordPress Google Maps Plugin

Simply insert google maps into posts, sidebars and pages - show directions, streetview, provide image overlays and do it all from a simple button and comprehensive widget.
Find out more
The Https-SSL-free plugin’s WordPress.org header image

How the Https-SSL-free plugin works

The 1.com.ar domain belongs to an Argentinean web hosting company. The domain has a wildcard SSL certificate (typically a few hundred dollars per year), which is how your redirected URLs are able to use its SSL certificate at no additional cost.

The Https-SSL-free plugin is from the Medius Project.

Medius is a not for profit organization open source platform based on 5 pillars:

  • Contribution
  • Privacy
  • Trust
  • Security
  • Education

Featured Plugin - WordPress Membership Site Plugin

If you're thinking about starting a paid, or just private, membership site then this is truly the plugin you've been looking for. Easy to use, massively configurable and ready to go out of the box!
Find out more

If you’re looking for a free, secure login option, trust the company behind 1.com.ar, and trust its SSL certificate issuer (which is GoDaddy), the Https-SSL-free plugin could be your newest “install on every site that doesn’t have its own SSL certificate” plugin.

For added security, you may want to combine this secure login method with forcing all users to change their password once every password every 30 days.

Tags

Comments (3)

  1. As of jun 2014 this completely crashed my WordPress site and I read on the plugin homepage (not on this site) that nearly all the commenters have the same issue. I tried going into the plugins folder in the server and removing the plugin which 99 times in 10 normally fixes crashes – or at least you can see the site – but no luck this time. So please be careful with this plugin.

Participate