Site encryption on WordPress

  • Author
  • #537755


    I need to know about encryption and SSL for wordpress sites. Anything and everything you know would be immensely helpful!
    Thanks in advance!

    The blog I need help with is



    Hi. Could you please be more specific as to what you’d like to know?

    Also, if you currently have a blog at, and in order to better assist you, would you please provide us with the URL, starting with http://?



    I am wondering how to actually apply encryption to wordpress, and where to get it from. Our URL is



    In, the only encryption I know concerns the access to your dashboard (admin area):


    The thing is, browsers need plain HTML/XHTML to be able to display a page on the web, and that plain HTML/XHTML is always viewable via a “view source” from the browser. Browsers would have to have some sort of agreed upon decryption built right into them to be able to display the encrypted page, and that sounds like a very complex thing to me.

    Short of self-hosting, getting an SSL certificate and making your whole blog https:// I don’t know that this is even possible. And, once someone logs in and goes to one of the https:// pages, they can still copy out anything that is there, or do a view source from within their browser and grab everything. The only advantage to this would be that you would have a shorter list of suspects to look at, but still there would be no way to tell exactly who copied the stuff (copy is a OS/browser function and is not logged by the web host).

    The bottom line you should always keep in mind is, don’t put anything on the web that you don’t want to be copied and used elsewhere. It is virtually impossible to stop thieves that are set on taking your stuff.

    Sad but true.



    Judging from the number of questions about this recently when in four and a half years I’ve seen maybe three inquiries, I think Mashable must have done a post on encryption or something.

    The short form is: if you want to keep secrets, do not use the internet. If you want to publish information that you want strictly kept from the majority of the world, do not use the world’s most powerful communication device to publish it.



    I am going to go deep into the realms of the undocumented and probably unsupported here. I am describing this out of interest rather than sugesting that anyone should use it. I have noticed that:

    1) If you have a non-domain mapped wordpress blog you actually can get an ssl connection to your blog by typing https://<myblog&gt;, where <myblog is your name. However you will get a warning about a mixture of secure and insecure contents as all images are served via http:

    2) If you have a doman-mapped blog you can type https://<yourdomain&gt;.com (or .org or whatever) and get a secure connection, but your browser will warn you that the certificate is only valid for * and is being used for <yourdomain>.com. Again it will have a mixture of insecure and secure elements.

    I should warn that this really achieves very little, as the blog will always be available on an insecure connection. I suppose if you had a private blog and trusted that all of your readers would absolutely always remember to type https when accessing the site it might give you some comfort that it couldn’t be snooped. They would also have to remember to check any links they follow, as the https is rather inconsistantly applied to inter-site links.

    Also, I think that this availability via https is an unintended side-effect of the way WordPress imlements secure connections to your control pannel pages – and may stop working with any update.

The topic ‘Site encryption on WordPress’ is closed to new replies.