Force SSL with WordPress
WordPress, the popular blogging CMS platform, is used as an all-purpose site software these days. The difficulty in using all-purposes solutions is that they are often difficult to customize when edge cases pop up; one of those edge cases can be forcing SSL. Many form pages, for example, will be secured to gain user trust before filling them out. WordPress provides an excellent method to secure individual pages! Here's how you can force SSL within specific WordPress pages!
The PHP
To secure a specific WordPress post or page, you'll need to know its ID. When you know its ID, it's securing the page is easy:
function force_ssl($force_ssl, $id = 0) {
// A list of posts that should be SSL
$ssl_posts = array(1, 12, 19);
if(in_array($id, $ssl_posts)) {
$force_ssl = true;
}
return $force_ssl;
}
add_filter('force_ssl' , 'force_ssl', 1, 3);
The force_ssl hook allows for us to check the post ID and force SSL if the post ID is in array of posts that should be secured! Aren't WordPress hooks great to work with?
![CSS vs. JS Animation: Which is Faster?]()
How is it possible that JavaScript-based animation has secretly always been as fast — or faster — than CSS transitions? And, how is it possible that Adobe and Google consistently release media-rich mobile sites that rival the performance of native apps?
This article serves as a point-by-point...
![Page Visibility API]()
One event that's always been lacking within the document is a signal for when the user is looking at a given tab, or another tab. When does the user switch off our site to look at something else? When do they come back?
![dat.gui: Exceptional JavaScript Interface Controller]()
We all love trusted JavaScript frameworks like MooTools, jQuery, and Dojo, but there's a big push toward using focused micro-frameworks for smaller purposes. Of course, there are positives and negatives to using them. Positives include smaller JS footprint (especially good for mobile) and less cruft, negatives...
![Full Width Textareas]()
Working with textarea widths can be painful if you want the textarea to span 100% width. Why painful? Because if the textarea's containing element has padding, your "width:100%" textarea will likely stretch outside of the parent container -- a frustrating prospect to say the least. Luckily...
Be very careful securing some pages and not others on the same site – any cookies created in the secure area (for instance for login or user details) will be sent unencrypted to non-SSL pages, making interception attacks easy.
Is it feasible to turn off cookies for secured pages? If so, how?
Wondering what file you paste in the code above to secure a page/s with SSL.
Also, are you saying that this piece of code:
$ssl_posts = array(1, 12, 19); you simply replace those numbers with your page id?
And with this code:
add_filter(‘force_ssl’ , ‘force_ssl’, 1, 3); what is it’s purpose and do you also replace these numbers?
I’d also be interested to know more about what Keith Henry has said about cookies potentially being sent unencrypted to non-SSL pages.
Does this filter still exist? I can’t find any reference to it in the WordPress docs or code. As a result, I can’t seem to get this snippet working.
Works like a charm!