[wp-trac] [WordPress Trac] #19723: Setting only SSL_Login does not force SSL Login
WordPress Trac
wp-trac at lists.automattic.com
Wed Jan 4 12:40:46 UTC 2012
#19723: Setting only SSL_Login does not force SSL Login
--------------------------+------------------------------
Reporter: ccolotti | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.3
Severity: normal | Resolution:
Keywords: has-patch |
--------------------------+------------------------------
Comment (by ccolotti):
Replying to [comment:2 nacin]:
> FORCE_SSL_LOGIN only forces that the credentials get sent over HTTPS,
not the accessing of wp-login.php itself. If you want everything to be SSL
you should set FORCE_SSL_ADMIN.
That makes sense. One would think that switch would at least just make
the login page also SSL so you know you are secure. I know it is SENT
over SSL when you submit.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19723#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list