This simple plugin will ensure that all requests to ‘wp-login.php’ and ‘wp-admin/*’ are redirected over HTTPS. By using HTTPS you mitigate the risk of attackers capturing sensitive information such as usernames and passwords, which when accessed over HTTP provide no level of security.
Please ensure that your site supports HTTPS before enabling this plugin. This can be done by pointing your browser to ‘https://yourblog/wordpress/’.
Please be aware that this plugin is still new and may have some bugs. If you run into problems simply delete the plugin and report the bug to us.
bs-wp-https.php can be downloaded here.
Just rename it to bs-wp-https and drop in in your wp-content/plugins directory. It can be enabled from wp-admin.
Enjoy!