Need help? Check out our Support site, then


Have secure https on home page

  1. Please, there must be some way of using https or at least viewing via https on the home page. I just found the cogwheel icon (or is it a star?) that, when clicked, gives http access to settings including account, password, public profile etc.

    What the HELL is the point of having a secure login for the dashboard if it's not used globally for settings?

    And I presume, eventually, you'll be doing away with our dashboards completely. So - will there be ANY security on WordPress.com again. Ever?

    Excuse me, but I'm going to modlook this because I want an answer from staff.

    The blog I need help with is artbyvalerde.wordpress.com.

  2. You can actually just add in the HTTPS manually: https://wordpress.com/#!/my-settings/

    I'll see what we can do about making that automatic.

  3. Thanks macmanx. And I'd appreciate it (as I'm sure would many other people) if it could be made automatic.

  4. We decided not to do HTTPS for only the Settings tab as it would require a complete page reload when switching to that tab instead of the quick tab loading which makes the whole interface and flow so nice.

    However, I can confirm that we do process the password change through an HTTPS form POST, so that's still secure.

    Early on, we decided not to do HTTPS for the entire tabbed interface, as that would slow it to a crawl since HTTPS disables caching, which is pretty much required for this interface.

  5. Thanks for your response, macmanx. I understand it from your (wordpress's) point of view, but from mine it's still a pain.

    It hadn't occurred to me that https disables caching... but that makes sense. I suppose that's why it's slower than http. I delete my cache so frequently anyway that I'm rarely aware of the speed benefits of using it!

    Off topic... I keep mentally pronouncing your username as 'mak manx'. I presume it's meant to be pronounced mak man ex?

  6. Yes, correct pronunciation is mak man ex. If we could have case-sensitive usernames here, it would be MacManX. :)

    I understand it from your (wordpress's) point of view, but from mine it's still a pain.

    Since the important changes are processed through HTTPS, which part is still causing trouble?

  7. I'm very security conscious (as you'll probably have realised) and like to have all my activity that's not on the home or other pages of my blog/s via https.

    While this isn't the same, I know - to give you an example. I used to have my artwork on an art site that offered a P.O.D. service (print on demand), but to sell one had to join and pay a fee. Despite the site saying that there was SSL on the password pages, I found that when I went to enter my password for the account - and input my financial details - the padlock only appeared after I'd put the password in, not before I entered it, and I found that all my account details were unsecure too. I contacted the owner of the site and he said he didn't see that there was anything wrong with that. That's one of the reasons I'm so wary of a site that only has minimal security.

    I just find it frustrating that your (wordpress's) idea of security and my idea of security aren't the same. And I would think I'm not alone in this. To my mind, if there's going to be https, it should be there for all the account info, not just some of it.

  8. Well, when you're entering your data into the form, the entered data only exists on your browser, and in some cases, its cache. The data is only transmitted when the form is submitted, and that's done via https.

Topic Closed

This topic has been closed to new replies.

About this Topic