WordPress and Shared SSL
Over the weekend, I decided to move my website, once again, to BlueHost. DomainsMadeEasy just wasn’t cutting it. I constantly received “down” messages and when I called support, they dismissed me and refused to live up to their 99.9% SLA.
Upon migrating over, I wanted to be sure to take advantage of the shared SSL BlueHost provides in order to keep my WordPress login and admin area more secure. Little did I know, it was a bit more daunting to figure out then I expected it to be. Since it took me nearly 2 days to figure out the solution, I wanted to share it the “interwebs.”
First of all, the Admin SSL plugin that pops-up everywhere on Google when searching for using WordPress with shared SSL doesn’t work and the author seems to have stopped supporting the shared SSL functionality of it. So, that was a bust.
So, after playing around a bit, I added the following to my wp-config file, replacing USERNAME with my BlueHost user name and BLOG_DIRECTORY with the path to where I installed WordPress (note: this is specific to BlueHost):
define('WP_SITEURL', 'https://secure.bluehost.com/~USERNANAME/BLOG_DIRECTORY');
From there, I needed to insure my ‘wp-content’ folder stayed intact, so I also added the following to the wp-config file (this can be altered in the “Miscellaneous Settings” section as well):
define('WP_CONTENT_URL', 'http://blog.justinkorn.com/wp-content');
These two changes seemed to make everything work properly. When I attempt to login via wp-login.php, I am redirected to the shared SSL url and when I upload new content, everything goes to the proper place with in the wp-content directory.
The only caveat that I have seen so far is after clicking around within the admin area a few times, I receive the following message:
Too many requests received. Please wait a few minutes and try again.
Eventually the message goes away and I’m able to work again, so it’s not the end of the world, but it is a bit annoying.
In the end, however, I have a secure WordPress Admin area and I’m not shelling out the $30/yr for the dedicated IP or however much it is for the private SSL certificate. Hopefully this setup will prove to last; only time will tell.
Till next time…