I have a lot of info that I need to put into xdirectory but before I do I want to make sure everything is as secure as possible.

I have a SSL on my site and I want to make it so you can ONLY login to XOOPS side of it and stay in SSL when you are on the site. but I know if you type in http://www.domain.com/xoops you can still see everything and login. How can I change this so it redirects to https://www.domain.com/xoops if someone forgets the S for the SSL.

I work locally also with SSL (testing mostly). Works great, but may I remind you that SSL does not make your script safe or so, it justs encrypt the connection, so people can't read your exchange of data with the server (it it possible, however almost not possible ).

If your XOOPS_URL is set to your https link, ALL links in your XOOPS site will redirect to it, so people won't even notice the change (however, they might ofcourse get a warning they changing from unsecure connection to a secure connection, depending on preferences).

True, if your mainfile.php directive is https then you will force SSL at the first click.

To prevent any pages from non SSL you have lots of options depending on the server. An Apache Redirect at the server level can force it to SSL. I do this for all the variations of the domain name to force the browser to the main site (prevents a double login).

An .htaccess config can also do this:

#SSLRequireSSL
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)?$ https://%{SERVER_NAME}/$1 [L,R]