secure admin access on shared hosting

It’s not necessary to access via the server’s direct path, and depending on how the server is configured, it probably won’t work.

If you use this plugin to setup HTTPS access, you can identify the server as the SSL host: https://www.ads-software.com/plugins/wordpress-https/

When you access it, you’ll get a warning that the domain on the certificate does not match the domain you’re visiting, suggesting it might be forgery. As long as you recognize the domain on the certificate (your server’s domain), you’ll have nothing to worry about. Regardless of the warning, your connection will be encrypted.

And, failing all of that, certificates are getting cheaper by the day. I got mine directly through my hosting provider’s control panel (they have a partnership with a certificate authority) for just $10/year.

James, thanks for your reply.
I shall try this.
I agree that the certificate price is not an issue. However, the hosting provider I am going to sign up with, charges $24/yr for the dedicated IP + $25 for installing any certificate.

Ah, that’s also a fair price for a cert (I have seen them up to $100), but I forgot about needing to pay extra for a dedicated IP on shared. That’s a steep price. If they offer a VPS option, check that out. You’ll get your own dedicated slice of server with a dedicated IP (you won’t be sharing with anyone), and I’m willing to bet the price is close to whatever your shared price is plus the dedicated IP.

$25 is not for the certificate but rather for the job of installing it as they would not let me do it myself.
Sorry for not being clear.
I know I can find cheap certificate on the net.
The shared hosting is cheap so the VPS is more expensive than shared hosting + dedicated IP.

Sounds good to stick with that then, fingers crossed that the plugin works for you! ??

Well, it works!
Here are the exact directions:
Install WordPress HTTPS (SSL) plugin.
In the HTTPS settings (usually accessed from the sidebar) fill SSL Host field in the General Settings:
your-shared-server-name.com/path-to-your-account
(ask all these from your hosting provider).
Press Save Changes.
DO NOT fill any domain mapping as SSL Host value already filled is enough for redirection and adding domain mapping got me 404.
Log out and go to https://your-shared-server-name.com/path-to-your-account/wp-admin
If you get your login page, successful! Try going around admin area to see that it works. You should see your server name and path to your acct all the time in the browser address.
At this point you have the possibility of secure login via the server address and your path, or insecure login by your domain name.
If everything is fine, go again to HTTPS settings and check Force SSL administration. This will block insecure login.
Done! (If locked out, go to Plugin FAQ for break-in directions.)
Good luck!

Thanks for sharing your steps!

Addition: this setup does not even cause SSL certificate mismatch complaint from the browser since there is no server mismatch: all admin part of my WP site is accessed via the hosting server and my path on it, and the server is the one listed on the certificate.
??

That’s great, thanks again!

I am trying to understand this plugin. I added an ssl to my site and I just want to offer secure checkout what do I need to do? I am using Woo’s First Data plugin https://www.woothemes.com/products/firstdata/ and Bank of America will be handling the credit card portion should I till be worried?

If I set this up will this change the entire site seeing I didn’t add the “s” in the http link.

Hope I am explaining this right.

Could you please start your own topic?

https://www.ads-software.com/support/forum/how-to-and-troubleshooting#postform

It really is the best way to get support for your problem.

Bad news: this trick does not work with W3 Total Cache plugin as this plugin gets totally confused by this setting.
(It works with WP Super Cache but the latter has less features than W3 Total Cache.)

I recommend reporting that over at https://www.ads-software.com/support/plugin/w3-total-cache they might have a solution, or at the very least they should probably fix that.

This place you indicated – the support forum of W3 Total Cache – is unattended – as you can see there – so there is no point in posting there.
The way to get to the plugin developers is by filing a bug in the Support page of the plugin settings.
I have filed today another item this way with them but it was a clear bug.
As for this one, I am not sure so I am hesitant filing this as a bug.

Well, they’re the ones who can fix it if you want to keep using W3TC, so you’l have to contact them somehow. ??

There’s also https://www.w3-edge.com/contact/