How to protect login via SSL but not the rest of the dashboard

It is probably possible, but if you do it the security impact is like not using ssl at all unless all you want to protect is your user and password and don’t care much about protecting against actual hacking into the site.

While user and password are sent only as part of the login form, an equivalent authentication information generated from them is transferred with every request you make to the site in a cookie. Since they are always sent and needed to access the admin there is no much point if you encrypt the authentication information for one page but let them to be sent in free text to other pages.

Unless specifically looking to get your user and password, the hacker that tries to break into your site by monitoring your communication does not care if he got your user and password by intercepting the login info on the login page or by intercepting the cookies on a post edit page.

Related Posts:

  1. What is .crt and .key files and how to generate them?
  2. NET::ERR_CERT_REVOKED in Chrome, when the certificate is not actually revoked
  3. https connection using CURL from command line
  4. How to generate a self-signed SSL certificate using OpenSSL?
  5. Convert .pem to .crt and .key
  6. Simple Java HTTPS server
  7. HTTPS connection Python
  8. SSL_ERROR_BAD_CERT_DOMAIN
  9. CFNetwork SSLHandshake failed iOS 9
  10. What exactly is cacert.pem for?
  11. OpenSSL: unable to verify the first certificate for Experian URL
  12. “The underlying connection was closed: An unexpected error occurred on a send.” With SSL Certificate
  13. How to disable cURL SSL certificate verification
  14. Getting error in Curl – Peer certificate cannot be authenticated with known CA certificates
  15. Java Keytool error after importing certificate , “keytool error: java.io.FileNotFoundException & Access Denied”
  16. Issues with installing python libraries on Windows : CondaHTTPError: HTTP 000 CONNECTION FAILED for url
  17. WordPress wp-admin https redirect loop
  18. Is it safe to use sslverify => true for with wp_remote_get/wp_remote_post
  19. Howto force SSL for all requests?
  20. Local version of a WordPress site – SSL/HTTPS enforced?
  21. Images causing Mixed Content with SSL
  22. bloginfo() and get_template_directory_uri() with SSL?
  23. Favicon causes mixed content warning over SSL
  24. After updating site to use SSL all images in posts point to http://
  25. What’s the right move with SSL for user based site?
  26. I am locked out of my WordPress site after changing site URL from Http to Https
  27. Enabling SSL on wordpress results in 404
  28. In WP versions >= 4.0, is FORCE_SSL_LOGIN forcing HTTPS for the entire admin session?
  29. SSL Certificate and WordPress
  30. Pointing SSL Enabled URL at Single WordPress Page
  31. Occasional HTTPS Mixed Content Warning
  32. Divert http to https with WordPress on IIS
  33. WordPress : To load all asset files coming from HTTP to HTTPS?
  34. Google maps causing mixed content in header
  35. Cloudflare and SSL breaks wordpress – Mixed Content & Unable to use Admin
  36. XML asset fails to load using https
  37. Search and replace http:// links to https:// to get the green padlock
  38. I changed my site from HTTPS back to HTTP and now it is broken- Cannot access Admin panel on HTTP URL
  39. WordPress site shows “File not found.” if opened through https
  40. How to set up HTTPS WordPress from Install Step?
  41. wp_remote_get – curl error 28 connection timed out – using SANS in URL
  42. SSL certificate error on Google Chrome , IE [closed]
  43. How do I set up a local version of my https wordpress site for testing and development using MAMP
  44. WordPress + SSL + Varnish + Pound
  45. Certain header elements not served over https
  46. wordpress http to https windows server
  47. Jetpack “Connect to WordPress” serving insecure content under HTTPS
  48. Allow non-SSL pages to use https or Force non-SSL pages to http?
  49. Website access with http and https
  50. Redirect the whole blog to SSL but not the RSS feed (under Nginx)
  51. WordPress 4.0 Forces entire site into SSL
  52. How to control SSL in WordPress for automatically changing http to https?
  53. All content is HTTPS, but browsers warn of HTTP mixed content [closed]
  54. How do I handle SSL properly when WP is behind a reverse proxy?
  55. Hi do I change Media files that still show as http after installing ssl
  56. Errors on a single host using wp_remote_get() unless sslverify is set to false
  57. How to keep WP from using https to get to wordpress.org?
  58. How do I find non-SSL problems on my SSL page?
  59. SSL doesn’t work on certain pages – what is wrong?
  60. WordPress site shown as Not Secure on Chrome when SSL certificate is valid
  61. Self signed certificate issue with WooCommerce rest api connection
  62. ERR_TOO_MANY_REDIRECTS on wordpress page [closed]
  63. Disable WordPress accessing WordPress.org to check for updates
  64. URLs not being output with https
  65. The REST API request failed due to an error. cURL error 60: SSL certificate problem: certificate has expired
  66. Do I install WordPress from my Cpanel on https or http, if my website has valid certificate?
  67. SSL not working fine, Home url not matching with site url wordpress errors
  68. Website Migration (with https) to a new domain(http)
  69. How to move my local wordpress to https?
  70. Why does WordPress uses HTTPS for JS, CSS on EC2
  71. ERR_SSL_PROTOCOL_ERROR
  72. WordPress – SSL not working – browser console error “Mixed Content” and “Failed to load resource”
  73. Implications of not completing all tasks when switching to HTTPS
  74. Update not working after installing up SSL
  75. Problem forcing San SSL certificate on WordPress
  76. Front-end pages messed up due to HTTPS
  77. How come all my http URLs are turned to https?
  78. site on subdomain is redirecting to main site after installing wildcard ssl cert on both
  79. Forcing SSL (Bad Theme coding)
  80. WordPress Insecure Content
  81. SSL certificate breaks CSS (in combination with W3TC)
  82. I would like to add ssl certificate to my already existing wordpress site
  83. WordPress and SSL
  84. My WordPress site SSL is in red crossed color and can’t load at first time?
  85. SSL/HTTPS Redirect Loop
  86. The plain HTTP request was sent to HTTPS port in wordpress [closed]
  87. Adding SSL certificate to the front end of my site
  88. iHow to redirect all http traffic to https now that a SSL certificate is added?
  89. Moving WordPress from http to https over existing site
  90. WordPress stuck at Step 1 of setup behind nginx reverse proxy
  91. Issue when site move from ssl domain to new domain without ssl
  92. how to download the ssl certificate from a website?
  93. What is a challenge password?
  94. Is there a reason to use an SSL certificate other than Let’s Encrypt’s free SSL?
  95. How do I clear Chrome’s SSL cache?
  96. Properly setting up a “default” nginx server for https
  97. Does each server behind a load balancer need their own SSL certificate?
  98. Generating a self-signed cert with openssl that works in Chrome 58
  99. Changing my URL in General Settings cause the site to crash
  100. wordpress is auto using http: not https: as it needs to because the server is http behind a reverse proxy https, how do I stop it?