Set FORCE_SSL_ADMIN to true

PostedMay 26, 2026

UpdatedMay 26, 2026

Byadmin

WARNING: Enabling this setting can interfere with administrator access if HTTPS is not working correctly for the login page or wp-admin. Confirm that the admin area already works correctly over HTTPS before saving the change.

Description of the control

This control sets the desired value of FORCE_SSL_ADMIN in the wp-config Hardening section of the Core Hardening page. It is presented as a single checkbox labeled Set FORCE_SSL_ADMIN to true.

Use this control when administrative access should be forced to use SSL through the FORCE_SSL_ADMIN constant in wp-config.php.

Procedure

In WordPress admin, open Posture Management.
Select Core Hardening.
In the wp-config Hardening section, review the detected wp-config.php path and current file status.
Click Check wp-config.php permissions if you need to verify writability.
Select Set FORCE_SSL_ADMIN to true.
Click Save changes.

Validation

After saving, reload Posture Management -> Core Hardening and confirm that Set FORCE_SSL_ADMIN to true remains selected.

Then verify that login and wp-admin continue to work correctly over HTTPS.

Getting Started

Installation

Dashboard

Core Security

Account Security

Browser Security

Email Security

File Security

Settings

Troubleshooting

Set FORCE_SSL_ADMIN to true

Description of the control

Procedure

Validation