HTTPS for /wp-admin/ and HTTP for everything else?

Posted on

HTTPS for /wp-admin/ and HTTP for everything else? – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.

But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about apache-2.2, .htaccess, http, https, wordpress.

I’m running a WordPress site on a shared Apache server on Dreamhost. I already have define('FORCE_SSL_ADMIN', true); set (and working) in my wp-config.php so that SSL is used for the /wp-admin/ directory.

Can you point me to a .htaccess set of rules that will still maintain /wp-admin/ over https, but redirect any other directory/URL to use http? All help is appreciated. Thanks.

Solution :

RewriteCond %{REQUEST_URI} !^/wp-admin/
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} (.*)
RewriteRule ^/(.*) http://%1/$1 [L,R,QSA]

Note that if your admin interface loads images, CSS, JS, etc. out of a directory other than /wp-admin/ (which by default it does), this will probably make a warning appear on your browser (and will likely compromise the security you were trying to gain). You can add something like:

RewriteCond %{REQUEST_URI} !.(js|css|jpg|gif|png)$

to resolve that, just keep adding extensions until you’ve got everything covered.

Leave a Reply

Your email address will not be published.