I wanted all admin traffic and passwords to this blog to be encrypted. I could (should) have used a plugin, but just to get things going I used apache mod_rewrite and mod_ssl.
Here is a cut down apache config to make this work.
<VirtualHost *:80>
…
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/wp-admin/.*$ [OR,NC] [C]
RewriteCond %{REQUEST_URI} ^/wp-login.*$ [NC] [C]
RewriteRule ^(.*)$ https://reluctantgreenie.com%{REQUEST_URI} [R=301,L,NE]
…
</VirtualHost>
…
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/wp-admin/.*$ [OR,NC] [C]
RewriteCond %{REQUEST_URI} ^/wp-login.*$ [NC] [C]
RewriteRule ^(.*)$ https://reluctantgreenie.com%{REQUEST_URI} [R=301,L,NE]
…
</VirtualHost>
<VirtualHost *:443>
…
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/wp-admin/.*$ [NC] [C]
RewriteCond %{REQUEST_URI} !^/wp-login.*$ [NC] [C]
RewriteRule ^(.*)$ http://reluctantgreenie.com%{REQUEST_URI} [R=301,L,NE]
…
</VirtualHost>
All it does is redirect some interesting stuff to HTTPS (where I have a snake oil certificate), and un-interesting stuff back to HTTP.
Recent Comments