このプラグインは WordPress の最新3回のメジャーリリースに対してテストされていません。もうメンテナンスやサポートがされていないかもしれず、最新バージョンの WordPress で使用した場合は互換性の問題が発生する可能性があります。

Force SSL everywhere

説明

This is a very simple plugin that forces SSL on all pages when a user is logged in (not only on admin ones).

Why would you need it? If you force SSL usage only in the admin area, and use HTTP as your blog URL, then some links and buttons in the admin area revert to HTTP. This flaw is fixed by this plugin. If you want to check out details about session hijacking, you can view the screencast and the following post on my blog – WordPress Session Hijacking and Prevention.

How does it work?

  • A user logs in,
  • a cookie is set that is sent only through HTTPS,
  • all pages are redirected to HTTPS,
  • WordPress checks if this cookie is set,
  • if not, the user is logged out.

This effectively prevents session hijacking and man in the middle attacks.

Author

The author of this plugin is Bostjan Cigan, visit the homepage.

Homepage

Visit the homepage of the plugin.

インストール

Before installing and configuring the files, make sure you have configured your server to work with HTTPS and that you have a valid server certificate installed.

Optional step – Install the plugin SSL Insecure Content Fixer (so that all your style, javascript and other URLs are changed to HTTPS). It is optional, but I highly recommend it!

Now, open your wp-config.php file and add the following in the end (if not already done):

define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);

Save the file. Now do the following:

  1. Upload the plugin directory to to the ‘/wp-content/plugins/’ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress

And that is it. No options and no configuring is required.

FAQ

None at the moment.

貢献者と開発者

Force SSL everywhere はオープンソースソフトウェアです。以下の人々がこのプラグインに貢献しています。

貢献者

“Force SSL everywhere” をあなたの言語に翻訳しましょう。

開発に興味がありますか ?

コードを閲覧するか、SVN リポジトリをチェックするか、開発ログRSS で購読してみてください。

変更履歴

1.0

  • Initial version.