WebFaction
Community site: login faq

I'm currently reinstalling WP on some sites following some nasty hacking activity, and trying to figure out what settings on Better WordPress Security (a plugin) work to my advantage. One of them, "require a secure connection for admin login", states the following:

Secure Socket Layers (aka SSL) is a technology that is used to encrypt the data sent between your server or host and the visitor to your web page. When activated it makes it almost impossible for an attacker to intercept data in transit therefore making the transmission of form, password, or other encrypted data much safer.

Better WP Security gives you the option of turning on SSL (if your server or host support it) for all or part of your site. The options below allow you to automatically use SSL for major parts of your site, the login page, the admin dashboard, or the site as a whole. You can also turn on SSL for any post or page by editing the content you want to use SSL in and selecting "Enable SSL" in the publishing options of the content in question.

While this plugin does give you the option of encrypting everything please note this might not be for you. SSL does add overhead to your site which will increase download times slightly. Therefore we recommend you enable SSL at a minimum on the login page, then on the whole admin section, finally on individual pages or posts with forms that require sensitive information.

WARNING: Your server MUST support SSL to use these features. Using these features without SSL support on your server or host will cause some or all of your site to become unavailable.

Does WebFaction support this sort of thing, or would I have to have a security certificate for my whole site to enable this?

asked 02 Dec '13, 11:52

mattshepherd
4541830
accept rate: 0%


WebFaction does support SSL. You would need to create a website record with the HTTPS option enabled for this to work, but your access to the whole site doesn't have to be exclusively via HTTPS. You can run a non-HTTP site in parallel just by making a duplicate website record in the control panel without the HTTPS option enabled.

You will need an SSL certificate in any case, even if you only intend to access a portion of the site via HTTPS. You don't necessarily have to buy one; we have a shared certificate installed on all servers which you can use if you like. It will just show a warning as it was created initially for *.webfaction.com domains, but the secure functionality will work just as well.

permanent link

answered 02 Dec '13, 22:04

waynek
4254
accept rate: 27%

Could you explain how to use the shared SSL certificate?

(25 Jan '14, 17:15) JustAnotherW...

To use the WebFaction certificate you just need to enable HTTPS on your website by creating a new or editing an existing website and clicking the HTTPS enabled option. Note that using the WebFaction certificate will result in a name mismatch error on the site.

(25 Jan '14, 17:31) timg ♦♦

Try wordfence plugin, I used it in all of my WP sites.

permanent link

answered 12 Jan '14, 04:25

min0taur
112
accept rate: 0%

If you login to Wordpress only with a few locations (IP addresses) it's much better to block access to the wp-login.php script and the wp-admin directory.

I use wordfence for a view site but doesn't protect your site because the hacker is using multiple IP addresses.

SSL doesn't protect your site

permanent link

answered 04 Feb '14, 15:09

finalwebsites
111
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×244
×93
×69

question asked: 02 Dec '13, 11:52

question was seen: 2,503 times

last updated: 04 Feb '14, 15:09

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM