A simple plugin that forces SSL on all pages when logged in.
| Author: | Bostjan Cigan (profile at wordpress.org) |
| WordPress version required: | 3.0 |
| WordPress version tested: | 3.5.1 |
| Plugin version: | 1.0 |
| Added to WordPress repository: | 05-05-2013 |
| Last updated: | 05-05-2013
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
|
| Rating, %: | 40 |
| Rated by: | 3 |
| Plugin URI: | http://wpplugz.is-leet.com |
| Total downloads: | 6 316 |
| Active installs: | 100+ |
 Click to start download |
|
This is a very simple plugin that forces SSL on all pages when a user is logged in (not only on admin ones).
Why would you need it? If you force SSL usage only in the admin area, and use HTTP as your blog URL, then some links and buttons in the admin area revert to HTTP. This flaw is fixed by this plugin. If you want to check out details about session hijacking, you can view the screencast and the following post on my blog - WordPress Session Hijacking and Prevention.
How does it work?
- A user logs in,
- a cookie is set that is sent only through HTTPS,
- all pages are redirected to HTTPS,
- WordPress checks if this cookie is set,
- if not, the user is logged out.
This effectively prevents session hijacking and man in the middle attacks.