Force SSL Admin
Force SSL Admin always opens your dashboard and login screen over a secure https:// link. Anyone using the old http:// address is sent to the encrypted URL automatically.
What it does
Section titled “What it does”- Optionally force HTTPS for the WordPress dashboard (wp-admin).
- Optionally force HTTPS for the sign-in page (including custom login URL handling).
- Redirect type: permanent 301 (recommended) or temporary 302 for testing.
- Generates a personal safety link that can turn the module off if HTTPS misconfiguration locks you out (single-use; regenerating invalidates the old link).
- Redirects do not start until you save settings with at least one area selected.
When to use it
Section titled “When to use it”Enable it if:
- The site has a working SSL certificate.
- Staff still bookmark http:// admin or login URLs.
- You want an emergency disable link stored offline before enforcing redirects.
When not to use it
Section titled “When not to use it”Settings
Section titled “Settings”- WordPress dashboard (wp-admin)
- Sign-in page (login screen)
- Redirect type - Permanent (301) or Temporary (302)
- Safety link - copy, and optionally Create new link
How to enable it
Section titled “How to enable it”- Confirm HTTPS works for the site in a browser.
- Go to WP PowerSuite -> Modules -> Security.
- Toggle Force SSL Admin on and confirm the warning.
- Open settings, enable dashboard and/or sign-in protection, choose redirect type, save, then copy the safety link to a secure place.
How to test it
Section titled “How to test it”- Save settings with both areas enabled and 302 while testing.
- Visit
http://yoursite.example/wp-login.php(replace with your host). - ✅ Pass: browser lands on the https:// login URL.
- Repeat for
/wp-admin/. - ❌ Fail: fix SSL first; use the safety link if you cannot reach admin over HTTPS.
Troubleshooting
Section titled “Troubleshooting”- Redirect loop. Usually mixed SSL termination at a proxy - fix host HTTPS config or turn the module off via the safety link.
- Locked out. Open the saved safety link once; it disables the module and shows a success screen.
- No redirect yet. Choose at least one area and save settings.
- Old safety link fails. Links are single-use; create a new link in settings after use.
What does Force SSL Admin do?
It redirects selected admin and login URLs from HTTP to HTTPS using your saved settings.
Is Force SSL Admin free?
Yes. Enable it under WP PowerSuite -> Modules.
What is the safety link?
A secret one-time URL from module settings that turns Force SSL Admin off if HTTPS problems lock you out.
Should I use 301 or 302?
Use 302 while testing, then switch to 301 (permanent) for production.
How do I turn Force SSL Admin off?
Use the safety link, or go to WP PowerSuite -> Modules and toggle Force SSL Admin off over HTTPS.
Developer notes (hooks & filters)
Source: modules/force-ssl-admin/module.php.
Boot: critical · context: both.
Hooks: admin_init, login_init, template_redirect, force_ssl_admin, secure_auth_redirect, wp_powersuite_module_toggled, AJAX regenerate emergency key.