Ideally, all logged-in users (especially those able to execute PHP code) should access the website only over a secure channel, to prevent man-in-the-middle attacks. The proper way to do this is, of course, to use HTTPS connections. Unfortunately, the world is not ideal, and for a variety of reasons HTTPS might not be available:
- The webserver was simply not configured to support it.
- Port 443 might be blocked by a firewall.
- HTTPS is not available due to virtual hosting.

When SSL encryption is not available, the second-best solution is arguably SOCKS over SSH. To use the SOCKS protocol, first open an SSH tunnel to the webserver like this:

    ssh -C2TnN -D 8080 user@www.example.com

This opens a SOCKS proxy on port 8080 of the local machine and forwards any traffic sent to it through the tunnel to www.example.com.

Next, configure the web browser used for administrative tasks to use SOCKS, pointing it at port 8080 on the local machine (hint: it can be handy to install a second web browser just for privileged tasks). Most browsers have the corresponding settings on their proxy settings page.
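
The two steps above as a small POSIX shell helper. This is an added example, not part of the original page; the `SSH_BIN` override, the control-socket path and the function names are assumptions. It binds the proxy to loopback, fails if the listener cannot be opened, and uses `socks5h` so that DNS lookups for the site also go through the tunnel.

```shell
#!/bin/sh
# Added example: wrapper around the SOCKS-over-SSH tunnel described above.
# Assumed names (not from the original page): SSH_BIN, CTL, the function
# names and the control-socket path.
SSH_BIN="${SSH_BIN:-ssh}"            # overridable, e.g. for a dry run
SOCKS_BIND="127.0.0.1"               # loopback only: no other host can use the proxy
SOCKS_PORT="8080"                    # same port as in the command above
CTL="${HOME}/.ssh/socks-admin.ctl"   # hypothetical control-socket path

# Proxy URL for clients. The "h" in socks5h makes the client hand host names
# to the proxy, so DNS lookups for the site also travel through the tunnel.
socks_url() {
    printf 'socks5h://%s:%s' "$SOCKS_BIND" "$SOCKS_PORT"
}

# Open the tunnel in the background. $1 = user@host
#   -f                        background after authentication
#   ExitOnForwardFailure=yes  exit instead of running without the listener
#   -M -S                     control socket, used below to check and stop
start_tunnel() {
    "$SSH_BIN" -C -T -n -N -f \
        -o ExitOnForwardFailure=yes \
        -M -S "$CTL" \
        -D "${SOCKS_BIND}:${SOCKS_PORT}" "$1"
}

tunnel_up()   { "$SSH_BIN" -S "$CTL" -O check "$1" 2>/dev/null; }
stop_tunnel() { "$SSH_BIN" -S "$CTL" -O exit "$1"; }

# Print the HTTP status of a URL fetched through the tunnel. $1 = URL
check_via_tunnel() {
    curl -s -o /dev/null -w '%{http_code}\n' --proxy "$(socks_url)" "$1"
}

case "${1:-}" in
    start) start_tunnel "$2" && tunnel_up "$2" && echo "SOCKS proxy: $(socks_url)" ;;
    check) check_via_tunnel "$2" ;;
    stop)  stop_tunnel "$2" ;;
esac
```

Saved under a name of your choice, the script takes `start user@www.example.com`, `check <url>` and `stop user@www.example.com`. In the browser, select SOCKS v5 and enable proxying of DNS through SOCKS if the option is offered.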
