In WordPress (v3.3), FORCE_SSL_LOGIN will transmit login credentials over SSL, however, the login page itself may be accessed over HTTP (as opposed to HTTPS). If the login page is accessed via HTTP, the user has no (easy) way of verifying that the page is legitimate and that the credentials will in fact be sent over… Continue reading WordPress – SSL login page without SSL admin