WordPress administration with SSL
Normally when we log into the Dashboard, our credentials are transmitted in plaintext—that's unencrypted—meaning that they are susceptible to packet sniffing. Equally our user session can be intercepted, our cookies hacked, and the site hijacked. Not ideal then.
The best way to shore up this litany of insecurity is by implementing SSL, so that rather than log in and administer the site using http, we use https.
This is certainly not the be-all and end-all of administrative security. There can still be (greatly reduced) risks of cookie stealing and phishing when using shared certificates, and meanwhile, only partial page encryption can result from poorly written, non-SSL-compatible plugins. We shall be addressing this latter concern later on. Nonetheless, this foundation measure can be layered with further safeguards, using a mix of preventative plugins and Apache modules, as we shall see.
SSL for shared hosts
Shared web hosts tend to offer SSL with a choice...
