By default eventhough if your site has SSL certificate it should make any page of your site can be accessed only via https, but in wordpress it’s little different. WordPress Admin is always accessible through http:// and not through https:// because of this, the traffic that goes between your site and the server can be eavesdropped and listened to..
But there are couple of solutions for this
- You can install some of the SSL Plugins
- You can edit your wp-config file which is available under Root folder
Let us see more about how to do it by adding a single line in the wp-config file under your root folder (Root folder means the folder under www.site.com where your wordpress is there)
All you need to add his the below code
define ('Force_SSL_LOGIN', true); Once you add the above code, any logins will be forced to use https mode whereas the WP Admin will be still in non https mode so to enable SSL for wp-admin just add the below
define ('Force_SSL_LOGIN', true);
define ('Force_SSL_ADMIN', true);