I got bored so I learned how to setup HTTPS on the admin parts of my WordPress blog. At first I was generating self-signed certificates because I read that buying a third-party verified certificate could cost upwards of $100 per year.
Then I saw this Ars article on getting a legit one for free.
After enabling mod_ssl on Apache and following the Ars guide above, I was ready to secure the admin parts of WordPress. The general idea is to:
1. Set up two virtual hosts with the same url (the blog url), one secure, the other not. 2. On the secure virtual host, set up a rewrite rule that shuttles all non-wp-admin traffic to the insecure site. 3. On the insecure virtual host, set up a rewrite rule that shuttles all traffic to wp-admin to the secure host. 4. Put in a filter (via a plugin) that filters the links in wp-admin so that once activated, administrative links are rewritten to use https and that edits cookies to work only over encrypted connections.
For the insecure virtual host:
1 2 3 4 5 6 7 8 9 10 11 12
For the secure virtual host:
1 2 3 4 5 6 7 8 9 10 11 12 13 14
Now I can finally see a nice green lock symbol in Google Chrome.