Can shared SSL be used for encrypting login to WordPress admin?

Avatar
InMotionFans
  • Answered
Is it possible to use InMotion Hosting's shared SSL to log in to WordPress admin? Or, to clarify -- since I'm currently successfully using the shared SSL URL to do just that while the site is not yet live -- is it possible to log in over the shared SSL URL even after the site's domain is changed to the "real" domain within WordPress? It seems overkill to purchase a dedicated SSL cert just for logging in to WordPress (SSL isn't needed on the public-facing site), so I'd like to see if the shared SSL method is an option first. Thanks!
Replies 1
Avatar
0
IMH Support Agent 5
Hello, Thank you for contacting us about using the shared SSL for WordPress login pages. This is possible, but I would advise against it. In the long term this would mean that your visitors would be redirected to a different domain. WordPress does not work this way in its standard configuration; this would require custom coding or perhaps an obscure plugin — and may still cause problems. Also, you must consider what you are hoping to protect with an SSL. You are right in your thinking that purchasing an SSL for a login screen would be superfluous; and this would not work in either case. SSLs are assigned to domain names, not particular pages or directories. For example, you can have 'example.com' with no SSL and secure.example.com with an SSL. The SSL is meant to protect the transfer of sensitive information with encryption. It will not protect your site against the most common attack: brute force on the login page. Basically, you do not need any SSL on a WordPress site if you are using secure passwords and keeping up with regular maintenance. However, if your visitors will be providing sensitive information like credit card numbers or social security numbers then you should consider buying a dedicated SSL to protect the information from being intercepted by malicious third parties. Best, Christopher M.