I'd like to be able to offer my clients, lawyers and accountants
a blogging and client management system based on WordPress
that they can trust with sensitive legal and financial information.
Starting with SSL...
Is there a way to make WordPress both public facing
and backend admin SSL secured?
By public facing, meaning clients would have access to a
password protected area (powered by wishlist) to interface
with the lawyer to accountant.
That's the start of the idea... please add to how to make it
real. I've already got the SSL lock down for the wp-login
form using my .htaccess file, now need to secure the rest.
Responses (12)
WPMU DEV Fanatic — 1st February 2011 21:10 #
Hello there bamf,
I came across what seem to be some viable solutions in the form of plugins. Are you looking for methods apart from using plugins to achieve this?
Cheers,
David
Lead Developer — 1st February 2011 21:27 #
Here's the admin side
http://codex.wordpress.org/Administration_Over_SSL
You can use google and a few clever rewrite rules to enforce the front end. Note that many themes and plugins have hardcoded http:// links which you'll need to edit.
Member — 1st February 2011 23:03 #
You may also want to look at the wp https plugin since some parts of admin pages will not be pulling from https sources. The plugin does a pretty good job of fixing this so IE users don't keep getting insecure https warnings ....
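The two replies above both point at hardcoded http:// links in themes and plugins as the cause of insecure-content warnings once the site is served over HTTPS. As an added example (not part of the original posts or of any plugin mentioned here), this Python sketch scans template source for such links and separates fetched subresources from plain navigation links; the function name, the ignore list and the sample template are constructed for illustration.

```python
import re

# URLs the browser fetches while rendering the page (these trigger mixed-content
# warnings). A plain <a href> is navigation only and is reported as "link".
SUBRESOURCE = re.compile(
    r"""(?:\b(?:src|action)\s*=\s*|<link\b[^>]*?\bhref\s*=\s*|url\(\s*)["']?(http://[^\s"'<>)]+)""",
    re.IGNORECASE,
)
ANY_HTTP = re.compile(r"""http://[^\s"'<>)]+""")
# Identifiers that are never fetched (XML namespaces, XFN profile); assumed list.
IGNORED_PREFIXES = ("http://www.w3.org/", "http://gmpg.org/xfn/")


def find_hardcoded_http(source, filename="<inline>"):
    """Return (filename, line_no, kind, url) for each hardcoded http:// URL."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        fetched = {m.group(1) for m in SUBRESOURCE.finditer(line)}
        for url in ANY_HTTP.findall(line):
            if url.startswith(IGNORED_PREFIXES):
                continue
            kind = "subresource" if url in fetched else "link"
            findings.append((filename, line_no, kind, url))
    return findings


# Constructed sample of a theme header template, not taken from a real theme.
SAMPLE_THEME = '''<html xmlns="http://www.w3.org/1999/xhtml">
<link rel="stylesheet" href="http://cdn.example.com/style.css" />
<script src="https://www.example.com/wp-includes/js/jquery.js"></script>
<img src="http://www.example.com/wp-content/themes/demo/logo.png" />
<a href="http://partner.example.org/">Partner</a>
<div style="background: url(http://www.example.com/bg.jpg)"></div>
<form action="<?php echo site_url('/contact'); ?>" method="post">
'''

if __name__ == "__main__":
    for name, line_no, kind, url in find_hardcoded_http(SAMPLE_THEME, "header.php"):
        print(f"{name}:{line_no}: {kind}: {url}")
```

Entries reported as "subresource" are the ones to edit first, since they are what the browser flags on an HTTPS page.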
Member — 2nd February 2011 21:22 #
Hey Tracy, thanks, that's a great start. Have you used it before?
If so, what have been your results? Technical issues? On MU?
Member — 3rd February 2011 00:09 #
Thanks for the tips and links. I need to do this as well, but I need to take it through multi-network and many different domains so I think no matter how I slice it I better go get a server side wildcard ssl.
Member — 3rd February 2011 00:10 #
Thanks for the tips and links. I need to do this as well, but I need to take it through multi-network and many different domains so I think no matter how I slice it I better go get a server side wildcard ssl.
Member — 15th February 2011 20:04 #
Hi gang,
I just saw a huge opportunity here if we can nail this down to a science. HEALTHCARE!
If we can reassure the medical community that we can satisfy the HIPAA guidelines, we can cash in on the fast growing U.S. health care industry. See: http://www.tripwire.com/asset/?type=wp&cat=HIPAA&id=2040&djinn=PPCNA-HIPAAGEN20100830&gclid=CIC6ppn5iqcCFdtx5QodeHN9fQ
Actually, any developer who created HIPAA PlugASafeIn app that bolted down security for WP for this market will reap both fame and fortune.
Damn it, I wish I could program like I used to.
Member — 31st May 2011 13:05 #
You should use hosting such as Exabytes that offers SSL service. Or you should ask Exabytes how to use the SSL service before buying it. They may charge you if you need help to set up SSL.
Member — 1st June 2011 01:01 #
> Is there a way to make WordPress both public facing
> and backend admin SSL secured?
You can redirect all traffic to the public website to SSL by adding this in your .htaccess file:
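# Redirect any request that arrived on plain HTTP (port 80) to the HTTPS site
RewriteEngine On
# Anchor the pattern so only port 80 matches (an unanchored 80 also matches 8080)
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]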
Member — 14th September 2011 18:23 #
Hello,
It's a bit of an old thread, but it doesn't matter, I think.
I have 3 questions (/problems) here:
1) SSL certificating - As I have said above, I am going to run 3 (maybe more in future) WP Multisites and I am going to secure each of them with SSL wildcard certificates.
I have basic questions here - what should I take into account about SSL certificating, what should I be aware of, etc.
2) Domain Mapping and SSL certificates. - I have read some topics here and the developer of the Domain Mapping plugin has said that Domain Mapping doesn't support SSL certificates. At first, I was a bit disappointed about that, then I remembered that WordPress.com blogs were secured with SSL, so I found one "domain-attached" blog and went to its "/wp-login.php" and it redirected to what I thought - subdomain/wp-login.php. So I think there should be no problem for us too. What do you think?
3) SSL Certificates - Which wildcard should I choose? For example, is it OK to choose "True BusinessID Wildcard"?
Thanks,
Kote
Member — 4th October 2011 07:03 #
http://premium.wpmudev.org/forums/topic/wpmudev-wordpress-security-plugin-feature-request
Please +1
Member — 9th October 2011 12:22 #
I just added @targetd code above and it seems to work fine in the htaccess to form SSL. However, my WP Super Cache is now throwing up old cache files on odd URLs... anyone have a suggestion for enabling both a cache and *full* SSL protection over the entire WP installation?