What was the issue?

My only issue is that I can go to https://www.outsourcing-buzz-blog.com/ (or some other page other the login URL) and it doesn’t redirect to the non-https page. I don’t want (need) any of the pages to be https except for the login. Even if I changed it to FORCE_SSL_ADMIN, I would still have the same issue with the non-admin pages.

Any thoughts in this area? Am I missing something? I think the FORCE_SSL_LOGIN/ADMIN does part of the job, but it doesn’t handle redirecting all the https requests that should be http.

SSL technically has nothing to do with people making payments through your website, credit card processing, or anything else related. At its simplest explanation, SSL is a protocol that you can use to encrypt data being transmitted between your website and a web server.

In this case, the web server is the computer your website is hosted on with your web hosting company.

So why do you see SSL always attached with websites using credit card processing?

First, SSL is not required for payment processing. So let’s say you went to some e-commerce website and wanted to buy a t-shirt. If the website was not using SSL encryption (https://), then when you fill in your credit card info and click “submit”, your c.card info would be sent over the Internet unencrypted and someone snooping around online for unencrypted content might intercept your data.

Not ideal, right?

Alternatively, if the website that sold those t-shirts used SSL encryption, then your c.card info would only be sent across the Internet encrypted, and if that same person now intercepted your info, they’d see a garbled mess of meaningless characters instead of your credit card info.

So SSL and credit card processing are two separate things but should be used together to protect sensitive data.

By using SSL with our blogs, the sensitive data we are protecting is not a credit card number, but rather our precious login info.

SSL comes in two forms, free and not free. Stick with the “not free” kind. The free SSL option only some web hosts allow you to do and it is “shared”. Don’t share anything – if you ask me.

To use SSL with your website you do need to purchase an SSL Certificate and get it set up to work with your website. Prices range from $20/year to much much more.

I think investing $20 or $30 a year in blog security is money well spent, but it seems many people think otherwise until after their blog gets hacked.

What a shame.