Securing WordPress Admin Access With SSL
See http://blog.blackdown.de/2005/05/18/securing-wordpress-admin-access-with-ssl/

wp-ssl.patch (by Juergen Kreileder <jk@blackdown.de>):

* Use secure authentication cookies in wp_setcookie()
* Make check_admin_referer() working with HTTPS URLs
* Disable login over XML-RPC

=== wp-includes/pluggable-functions.php
==================================================================
--- wordpress/wp-includes/pluggable-functions.php   (/wordpress/trunk)   (revision 2672)
+++ wordpress/wp-includes/pluggable-functions.php   (/wordpress/local)   (revision 2672)
@@ -148,22 +149,22 @@
 		$cookiehash = md5($siteurl);
 	}
 
-	setcookie('wordpressuser_'. $cookiehash, $username, time() + 31536000, $cookiepath);
-	setcookie('wordpresspass_'. $cookiehash, $password, time() + 31536000, $cookiepath);
+	setcookie('wordpressuser_'. $cookiehash, $username, time() + 31536000, $cookiepath, '', 1);
+	setcookie('wordpresspass_'. $cookiehash, $password, time() + 31536000, $cookiepath, '', 1);
 
 	if ( $cookiepath != $sitecookiepath ) {
-		setcookie('wordpressuser_'. $cookiehash, $username, time() + 31536000, $sitecookiepath);
-		setcookie('wordpresspass_'. $cookiehash, $password, time() + 31536000, $sitecookiepath);
+		setcookie('wordpressuser_'. $cookiehash, $username, time() + 31536000, $sitecookiepath, '', 1);
+		setcookie('wordpresspass_'. $cookiehash, $password, time() + 31536000, $sitecookiepath, '', 1);
 	}
 }
 endif;
 
 if ( !function_exists('wp_clearcookie') ) :
 function wp_clearcookie() {
-	setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
-	setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
-	setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
-	setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
+	setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH, '', 1);
+	setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH, '', 1);
+	setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH, '', 1);
+	setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH, '', 1);
 }
 endif;
 
=== xmlrpc.php
==================================================================
--- wordpress/xmlrpc.php   (/wordpress/trunk)   (revision 2672)
+++ wordpress/xmlrpc.php   (/wordpress/local)   (revision 2672)
@@ -120,11 +120,11 @@
 	}
 
 	function login_pass_ok($user_login, $user_pass) {
-	  if (!user_pass_ok($user_login, $user_pass)) {
-	    $this->error = new IXR_Error(403, 'Bad login/pass combination.');
+// 	  if (!user_pass_ok($user_login, $user_pass)) {
+	    $this->error = new IXR_Error(403, 'Go away!');
 	    return false;
-	  }
-	  return true;
+// 	  }
+// 	  return true;
 	}
 
 
=== wp-admin/admin-functions.php
==================================================================
--- wordpress/wp-admin/admin-functions.php   (/wordpress/trunk)   (revision 2672)
+++ wordpress/wp-admin/admin-functions.php   (/wordpress/local)   (revision 2672)
@@ -468,7 +468,7 @@
 function check_admin_referer() {
 	$adminurl = strtolower( get_settings('siteurl') ) . '/wp-admin';
 	$referer = strtolower( $_SERVER['HTTP_REFERER'] );
-	if ( !strstr($referer, $adminurl) )
+	if ( !strstr($referer, preg_replace('/^http/', 'https', $adminurl)) )
 		die(__('Sorry, you need to <a href="http://codex.wordpress.org/Enable_Sending_Referrers">enable sending referrers</a> for this feature to work.'));
 	do_action('check_admin_referer');
 }