WordPress Announcements News and Information
WordPress Announcements News and Information

WordPress Force SSL everywhere Plugin

Force SSL everywhere is a WordPress plugin by Boštjan Cigan that forces SSL on all pages when a user is logged in (not only on admin ones).

Why would you need it? Check the plugin author’s blog post – WordPress Session Hijacking and Prevention at: http://zerocool.is-a-geek.net/?p=912

How does it work?
A user logs in,
a cookie is set that is sent only through HTTPS,
WordPress checks if this cookie is set,
if not, the user is logged out.
This effectively prevents session hijacking and man in the middle attacks.

Download: http://wordpress.org/extend/plugins/force-ssl-everywhere/

Leave a comment

Your email address will not be published. Required fields are marked *