How To Secure BuddyPress with SSL

Today I had to secure a BuddyPress site with a standard SSL certificate.

Adding define(‘FORCE_SSL_ADMIN’, true); to your wp-config.php file will get you most of the way there. This simple step will secure your wp-admin and wp-login.php pages, but it will not secure the BuddyPress end of things.

To force SSL on BuddyPress member, group, forum, and registration pages, you need to add the following to your .htaccess file:

#Force BuddyPress member, group, forum, and registration pages to use SSL - via http://codex.wordpress.org/Administration_Over_SSL
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.*)\ HTTP/ [NC]
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^/?(members/|groups/|forums/|register/) https://yourdomain.com%{REQUEST_URI}%{QUERY_STRING} [R=301,QSA,L]

(Make sure to change “https://yourdomain.com” to your actual url.)

I pretty much suck at .htaccess tricks, so let me know if you know a better way to pull this off. 🙂

Check out the SSL page in the WordPress Codex for more info.

Posted in ,

Toby Cryns

Toby Cryns is a freelance CTO, expert WordPress consultant, and teacher.

He offers free advice to improve your freelance biz.

He also publishes small droppings every now and then to twitter.com/tobycryns and twitter.com/themightymo

Follow Toby's contributions on Github and WP.org.