One of the key moments in the security site on WordPress engine is to install a special SSL-certificate. With it, users will be able to communicate with your site through a safe and secure connection protocol. But we will need to do some, though simple job to determine what information should be protected and make sure it leaves the site in this way. 8Theme offers a great deal of premium WordPress themes with secured protection or the ability to add such protection to your theme.
What is SSL protection in WordPress themes?
Protocol SSL is a standard for the exchange of secure information between a website and a web browser. Without going into the details of the technical part of his work, it can be explained as follows: it establishes a relationship of trust between the server and the web browser. When the "trust" is established, the server encrypts the data so that only the final recipient (client) will be able to decipher them.
These precautions are taken because of the likelihood that any data transmitted via the Internet from one point to another, may at any time be intercepted by hackers or other members of the network.
Using SSL site requires the installation of special certificate. The acquisition of such a certificate, the browser sends important information about the safety of your site. In most browsers, when you visit a secure site, you'll see an icon in the form of a green padlock in the address bar. This means having SSL -Certificate:
Availability of SSL is a must for any e-commerce website with WordPress themes, and is recommended for those who are dealing with the exchange of sensitive information. We will not go into the details of how to add a certificate to your hosting package, as it depends on the type of hosting provider. But the good hosting company will offer you the easiest way to install SSL-certificate.
Where and how to use HTTPS?
You can customize the WordPress site so that visitors using HTTPS at the entrance to the site, using the admin, on each or on certain pages of your website. There are two approaches to determining the need for its use. The first should be on request. That is, only the most sensitive files. The second way is for the entire site with WordPress themes.
The disadvantage of using SSL for the entire site is the protocol HTTPS is slower than HTTP. The reason is that the data must be encrypted before it is sent and decrypted when received. And this is an additional load on the server, sending data and a web browser, to receive them. Accordingly, this process requires additional time.
Since page loading speed is very important for the end user and to SEO, you need to determine whether significant protection insensitive content (such as content pages accessible to all users). This, of course, depends on many factors and is determined after evaluation and testing your site.
In most cases, the most sensitive data include information of a personal nature concerning the company. The financial information, passwords, credit card numbers, etc – all of the data can be protected. And, as mentioned earlier, the HTTPS setting is a prerequisite for all e-commerce sites with WordPress themes you can buy from 8Theme sites.
Configuring SSL manually to WordPress themes
There is a constant, you can use the file wp-config.php and ensure a secure connection to the admin. And this constant - FORCE_SSL_ADMIN - requires SSL-certificate and HTTPS access to any place in the admin panel in WordPress themes.
By default, this feature is turned off. To enable it, you need to add to the file wp-config.php the following code:
define ('FORCE_SSL_ADMIN', true);
Read a great article in the WordPress Codex on how to configure HTTPS for the whole site and frontend encrypted pages.
But if you cannot do it all by two constants, then there is another way - using a plug. What we now discuss.
Using the plugin for HTTPS protection to WordPress themes
There is an excellent free plugin WordPress HTTPS (SSL), with which you can very easily make all the settings. However, the plug-in has not been updated for a long time and, as you can see from the catalog of plug-ins tested only for version WordPress 3.5.2. But it works perfectly well with versions 3.9 and 4.0. This plug-in provides two functions. It allows you to set global SSL-settings for your site or sites.
If you do not want to use SSL for the entire site, the plug-in allows you to select specific records and pages for it. The setup process is pretty simple plugin. The control panel enables you to configure options for the entire site (or multiple sites, if you have a multisite installation of WordPress).
The plugin also provides a complement to each editor metaboxes blog that allows you to customize the post or page. This is very handy if you need to secure access to multiple pages at once.