: HTTP for one part of the site, HTTPS for other We have a site which is HTTP, but it has an admin part. How can we secure the admin part with HTTPS? For example, WordPress (which I know)

Posted in: #Authentication #Http #Https #Security

We have a site which is HTTP, but it has an admin part. How can we secure the admin part with HTTPS?

For example, WordPress (which I know) is located at foo.com, but we want to have foo.com/wp-admin/
How to do this?

10.02% popularity Vote Up Vote Down

: What features in a website make you want to revisit? I'm looking for features in websites that I may not have seen before that are unique, and are excellent features that not only improve

@Looi9037786

Posted in: #Api #WebsiteFeatures

3 Comments

: What is "?sfgdataq" that I see appended to some requests to my application? I have noticed that a small number of requests come through my application with ?sfgdataq appended to them, I probably

@Looi9037786

Posted in: #Analytics

3 Comments

: What is USH.HTML and why do some robot try to access it? I have been getting quite a few hits on my webservers for the resource /USH.HTML. I have never hosted this file, and do not know

@Looi9037786

Posted in: #Logging #RobotsTxt #WebCrawlers

1 Comments

: Can the password recovery function of Drupal be configured to only ask for email address? (I originally asked this question in webapps.stackexchange.com.) By default, in Drupal, when we provide

@Looi9037786

Posted in: #Drupal #Password

1 Comments

Login to post a comment!

2 Comments

Sorted by latest first Latest Oldest Best

@Sarah324

A generic non-application way to force an entire directory and its subdirectories to use SSL can be achieved with Apache:

Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) %{HTTP_HOST}%{REQUEST_URI}

Simply put that in a the .htaccess file of the directory you wish to secure. If you put it in your root directory it will force your whole site to be secure.

10% popularity Vote Up Vote Down

@Cody1181609

I'll assume you already have an SSL certificate, and have Apache (or $HTTPD) configured properly to work with SSL requests. If this is a bad assumption, let me know.

Otherwise, the quickest way to wrangle WordPress into forcing SSL for logins/admin pages would be the Admin SSL WP Plugin. Install it, activate it, et voilá.

10% popularity Vote Up Vote Down

Feed

: HTTP for one part of the site, HTTPS for other We have a site which is HTTP, but it has an admin part. How can we secure the admin part with HTTPS? For example, WordPress (which I know)

More posts by @Looi9037786

: What features in a website make you want to revisit? I'm looking for features in websites that I may not have seen before that are unique, and are excellent features that not only improve

: What is "?sfgdataq" that I see appended to some requests to my application? I have noticed that a small number of requests come through my application with ?sfgdataq appended to them, I probably

: What is USH.HTML and why do some robot try to access it? I have been getting quite a few hits on my webservers for the resource /USH.HTML. I have never hosted this file, and do not know

: Can the password recovery function of Drupal be configured to only ask for email address? (I originally asked this question in webapps.stackexchange.com.) By default, in Drupal, when we provide

Login to post a comment!

2 Comments

Back to top | Use Dark Theme