Using amazon RDS with WordPress over SSL

I am migrating our WordPress database to RDS, which is also used by other services in our infrastructure. But I couldn't find a configuration option for wp-config.php

where I could specify that SSL will be used when connecting to the server. This will also require a link to the certificate entitlement file provided by Amazon. The application server that WordPress is currently running is outside the AWS cluster.

The answers I could find were pretty old (I'm using WordPress 4.2 here) and don't provide much guidance.

How can I configure WordPress to use Amazon RDS over an SSL connection (with a public key)?


source to share

1 answer

There was the same question. Fortunately, some other people have suggested a reasonable solution here: . In the end, here's what I did to get SSL to work:

1. Add the following to your wordpress wp-includes / wp-db.php file. (except for the last two lines, which are for insert reference only)

//ADDED per
// call set_ssl if mysql client flag set and settings available
if ( $client_flags & MYSQL_CLIENT_SSL ) {
    $pack = array( $this->dbh );
    $call_set = false;
    foreach( array( 'MYSQL_SSL_KEY', 'MYSQL_SSL_CERT', 'MYSQL_SSL_CA',
        'MYSQL_SSL_CAPATH', 'MYSQL_SSL_CIPHER' ) as $opt_key ) {
        $pack[] = ( defined( $opt_key ) ) ? constant( $opt_key ) : null;
        $call_set |= defined( $opt_key );
    /* Now if anything was packed - unpack into the function.
    * Note this doesn't check if paths exist, as per the PHP doc
    * at "This
    * function always returns TRUE value. If SSL setup is incorrect
    * mysqli_real_connect() will return an error ..."
    if ( $call_set ) { // SSL added here!
        call_user_func_array( 'mysqli_ssl_set', $pack );
}//END ADD - below is the point above which to insert this

if ( WP_DEBUG ) {
    mysqli_real_connect( $this->dbh, $host, $this->dbuser, $this->dbpassword, null, $port, $socket, $client_flags );


2. Customize the wordpress wp-config.php file.

Add and configure the following lines in your wp-config.php file. You can test them from development / staging as well as production if you have multiple conditions.

define('DB_HOST', '');
define('MYSQL_CLIENT_FLAGS', MYSQL_CLIENT_SSL);//This activates SSL mode
define('MYSQL_SSL_CA', '/file/path/to/your/aws/rds-combined-ca-bundle.pem');


Note that there are 5 MYSQL_SSL * settings available that you could use in your configuration for the code in # 1 above. My RDS connection works over SSL with the _CA option only.

3. A health check means your connection is encrypted.

Add a quick test file to show if the current Wordpress connection is using SSL or not. Create a sample file like this called test.php and put it in your wordpress root or somewhere accessible website. Remember to delete this file when testing is complete.

require( dirname( __FILE__ ) . '/wp-blog-header.php' ); //EDIT THIS PATH SO IT IS CORRECT FOR YOUR test.php file relative to the wp-blog-header.php file
global $wpdb;
$row = $wpdb->get_row( "SHOW STATUS LIKE 'Ssl_cipher'" );

If you are connected over SSL this should output something like:
object(stdClass)#116 (2) { ["Variable_name"]=> string(10) "Ssl_cipher" ["Value"]=> string(10) "AES256-SHA" }

If you are NOT connected over SSL this should output something like:
object(stdClass)#116 (2) { ["Variable_name"]=> string(10) "Ssl_cipher" ["Value"]=> string(10) "" }



4. Expand and test the connection

Deploy your changes and test.php file to install Wordpress and restart your webserver if needed. I am using apache, so I am running

sudo apachectl restart




All Articles