Need help? Check out our Support site, then


HTTPS

  1. maciejmachulak
    Member

    Hi,

    I looked at some topics stating that login is done via HTTPS, but... is that only through the main website? When I access my blog and try to log in the form still points to the same login script (wp-login.php) but over HTTP (not HTTPS). This is obviously a certificate thing (issued for http://www.wordpress.com only) but I think it should be more clear for users when their password is in plain text and when it is not...

    Cheers,
    Maciej

  2. Its also not in plain text for security , presumably.
    Generally major sites are going away from Text logins because it prevents phishing scams.

    Some pages (like the forums) that are dynamic only need a text log in.

  3. I looked at some topics stating that login is done via HTTPS, but... is that only through the main website?

    yes, that's it. secure login form is linked from the wordpress.com frontpage only. any other login forms, including that one in these forums, are NOT secure.

    you might entertain with putting a direct link to secure login form into text widget and place it on your sidebar.

    Its also not in plain text for security , presumably.
    Generally major sites are going away from Text logins because it prevents phishing scams.

    Some pages (like the forums) that are dynamic only need a text log in.

    huh?

Topic Closed

This topic has been closed to new replies.

About this Topic