Protect Your WordPress (Travel) Blog Passwords With A Single Line Of Code

by Anil Polat · 7 comments

The very popular blogging platform WordPress has gotten better at security over the years but could still use some improvements on how it protects your passwords as they float across the Internet. Chances are your WordPress blog isn’t taking advantage of your server’s SSL certificate (private or shared – most hosting plans provide you with one).


Note: There are several plugins that can do this for you, most notably Admin SSL, but it doesn’t play nice with blog accelerator WP Super Cache.

Check If You Have A Certificate Available

By adding one line of code to your WordPress config file you can force your blog to use the de facto Web-standard Secured Sockets Layer (SSL) encryption.

  • First of all check to see if your blog has an SSL certificate available to it, which is necessary for this to work. An easy way to do this is to add an “S” to your blog’s URL (e.g. httpS://

You’ll probably get a warning about the certificate not being trusted which is pretty normal considering your browser doesn’t know your site from a hole in the wall. Trust the certificate permanently to avoid any similar warnings down the line. If the page doesn’t load or you get some kind of error, contact your hosting company and ask them how to enable an SSL certificate for your site; then try again.

Add This Line Of Code To Encrypt Passwords

Open up your config.php file, which is in the root directory of your WordPress blog.

Copy and paste this line courtesy

define(‘FORCE_SSL_LOGIN’, true);

adding it above the “That’s all, stop editing! Happy blogging.” line of the config file.

To beef up security even further and protect all of your admin connections, add this line (as opposed to the above):

define(‘FORCE_SSL_ADMIN’, true);

In case things don’t work, the easy way to undo what you did is to remove the line of code. Assuming things go smoothly though, you’re done – now your WordPress blog’s passwords and cookies are encrypted, better protecting your log in credentials. To secure most of your other Internet connections try the HTTPS Everywhere Firefox add-on.

[photos by: -12C (padlock)]

Previous post:

Next post: