Need help? Check out our Support site, then


WP Secure Login

  1. Hi all,

    My problem is the following: when I want to log in to my account, the login link leads to a non encrypt page (http://). The only way I can do an encrypted login is to manually change the URL from http:// to https:// and even in this case, I get browser (Firefox) warnings that not all the content of the page is encrypted. Now, I'd understand if this warning came when attempting to load the blog per se, because there's no reason for posts' content, images, etc... to be encrypted. But on the login page?! What is there that is not to be encrypted??

    I googled (and searched WP's FAQ and forum) for answers, but most of the stuff I found was directed to users who run their own WP software.

    So, my question here is twofold:

    1) Is it possible for a WP.com user, to set up the login link so that it uses SSL *by default*?

    2) Is it normal behaviour to encrypt just part of the content of the login page? (if for nothing else, the warnings are annoying, but can't turn them off cause I when browsing the web, I like to know when pages doing, well exactly this kind of thing)

  2. since your blog is self hosted you will have to direct your question to http://wordpress.org/support/ because here on wp.com are software and procedures are different because wp.com is a multi user platform

  3. The thing that is encrypted (as far as I recall) is the connection over which login credentials are sent.

  4. @gamehq: You understood my situation wrong. I do not have a self hosted blog, I have a blog that is hosted in wordpress.com. What I said was that, while I was searching for a solution to my problem, most of the information I found was regarding self hosted blogs (i.e. from wordpress.org). But my questions (default secure login and partially encrypted login page) are about *WP.com*.

    @deltafoxtrot: no, by default the login page is not encrypted. I base myself not only on the fact that by default the login page is not encrypted (it starts by http://), but also on the fact that I once used a sniffer to see what was being transmitted, and unless I manually change the page from http:// to https://, the password is sent in the clear.

Topic Closed

This topic has been closed to new replies.

About this Topic