Using WordPress ‘force_ssl_login()’ PHP function

The force_ssl_login() WordPress PHP function checks if SSL login should be enforced. It’s often used in combination with the force_ssl_admin() function.


Here’s a general use case for the force_ssl_login() function:

if (force_ssl_login()) {
    // Some code that runs when SSL login is required

In this example, the function checks if SSL login is enforced. If it is, the code inside the if-statement will be executed.


  • $force (string|bool) (Optional) – Determines whether to enforce SSL login. Defaults to null.

More information

See WordPress Developer Resources: force_ssl_login()

This function was implemented in WordPress from version 2.6.0 and it is still in use up to the time of this guide’s creation. You can find the source code in the WordPress core file wp-includes/functions.php.


Enforcing SSL Login

This code enforces SSL login by passing true to the force_ssl_login() function.


Not Enforcing SSL Login

If you don’t want to enforce SSL login, you can pass false to the function.


Checking SSL Login Status

Check if SSL login is being enforced.

if (force_ssl_login()) {
    echo 'SSL login is enforced';
} else {
    echo 'SSL login is not enforced';

Enforcing SSL Login Based on Condition

Here, SSL login is enforced only if a certain condition is met. Let’s say the condition is if the site is not in ‘localhost’.

if ($_SERVER['HTTP_HOST'] != 'localhost') {

Switching SSL Login Status

This example switches the SSL login status based on its current state.


This line of code checks the current status of SSL login. If it’s currently enforced, it will stop enforcing it, and vice versa.