Skip to content

Force SSL Admin

Force SSL Admin always opens your dashboard and login screen over a secure https:// link. Anyone using the old http:// address is sent to the encrypted URL automatically.

  • Optionally force HTTPS for the WordPress dashboard (wp-admin).
  • Optionally force HTTPS for the sign-in page (including custom login URL handling).
  • Redirect type: permanent 301 (recommended) or temporary 302 for testing.
  • Generates a personal safety link that can turn the module off if HTTPS misconfiguration locks you out (single-use; regenerating invalidates the old link).
  • Redirects do not start until you save settings with at least one area selected.

Enable it if:

  • The site has a working SSL certificate.
  • Staff still bookmark http:// admin or login URLs.
  • You want an emergency disable link stored offline before enforcing redirects.
  • WordPress dashboard (wp-admin)
  • Sign-in page (login screen)
  • Redirect type - Permanent (301) or Temporary (302)
  • Safety link - copy, and optionally Create new link
  1. Confirm HTTPS works for the site in a browser.
  2. Go to WP PowerSuite -> Modules -> Security.
  3. Toggle Force SSL Admin on and confirm the warning.
  4. Open settings, enable dashboard and/or sign-in protection, choose redirect type, save, then copy the safety link to a secure place.
  • Save settings with both areas enabled and 302 while testing.
  • Visit http://yoursite.example/wp-login.php (replace with your host).
  • ✅ Pass: browser lands on the https:// login URL.
  • Repeat for /wp-admin/.
  • ❌ Fail: fix SSL first; use the safety link if you cannot reach admin over HTTPS.
  • Redirect loop. Usually mixed SSL termination at a proxy - fix host HTTPS config or turn the module off via the safety link.
  • Locked out. Open the saved safety link once; it disables the module and shows a success screen.
  • No redirect yet. Choose at least one area and save settings.
  • Old safety link fails. Links are single-use; create a new link in settings after use.
What does Force SSL Admin do?

It redirects selected admin and login URLs from HTTP to HTTPS using your saved settings.

Is Force SSL Admin free?

Yes. Enable it under WP PowerSuite -> Modules.

What is the safety link?

A secret one-time URL from module settings that turns Force SSL Admin off if HTTPS problems lock you out.

Should I use 301 or 302?

Use 302 while testing, then switch to 301 (permanent) for production.

How do I turn Force SSL Admin off?

Use the safety link, or go to WP PowerSuite -> Modules and toggle Force SSL Admin off over HTTPS.

Developer notes (hooks & filters)

Source: modules/force-ssl-admin/module.php. Boot: critical · context: both.

Hooks: admin_init, login_init, template_redirect, force_ssl_admin, secure_auth_redirect, wp_powersuite_module_toggled, AJAX regenerate emergency key.