At work, we are securing the admin panel for the multi-site WordPress installation we are running. We have 300+ sites currently and it grows every week. We are also migrating an additional 1000+ blogs from a legacy platform to WordPress so in the near future we will have close the 1400 blogs on a single multi-site installation.
Configuring WordPress for a SSL admin panel is not very difficult. In fact that was the easy part, thanks to a plugin from Mvied the hard part is getting all of the currently used plug-ins to work correctly under SSL. Making sure they are not using hard-coded schemes, the fix is easy but on a current installation that contains well over 50 plugins, I have to log into enough blogs to cover all of the installed plugins and check for any non-secure pages.
Not fun, but necessary.
Plugins I have sent patches in to add SSL support are:
co-authors-plus
WPMU Domain Mapper
I also sent patches in for the WordPress HTTPS plugin, and once I get a few free cycles(yeah, right) I’d like to help with the performance of the plugin.
There is a noticeable slow down in the admin panel when it is behind SSL, even though I am terminating the SSL on the load balancers so the WordPress servers(Ubuntu running Nginx with PHP-FPM) are not doing any of the heavy lifting with encrypting traffic. The increased traffic caused by the encrypted text is enough to cause a slow down in responsiveness, not bad but you can tell is is slower.
We have a couple of sites in production right now, with pretty good results, but we still need to verify many more plugins.
I’ll keep you posted on the results.
Wow, this would provide the ultimate security. Now that I know this is possible in my wordpress site, I won’t have to be afraid of any hacking. This is what I like about these wordpress sites. Thank you fro sharing this post.OmniTech Support Review