Confirmed users
491
edits
WebAppSec/Secure Coding Details: Difference between revisions
WebAppSec/Secure Coding Details (view source)
Revision as of 23:43, 2 December 2010
, 2 December 2010→Admin Login Pages
No edit summary |
|||
| Line 37: | Line 37: | ||
== Admin Login Pages == | == Admin Login Pages == | ||
===Word Press === | ===Word Press === | ||
'''Force Login and Admin Pages to be SSL''' | |||
Add define('FORCE_SSL_ADMIN', true); to the wp.config file. | |||
http://codex.wordpress.org/Administration_Over_SSL#To_Force_SSL_Logins_and_SSL_Admin_Access | |||
'''Force Admin Requests on HTTP to Rewrite as HTTPS ''' | |||
http://codex.wordpress.org/Administration_Over_SSL#Rewrite_Rules_For_The_Insecure_Host | |||