[wp-trac] [WordPress Trac] #10267: Login form SSL is confusing
WordPress Trac
noreply at wordpress.org
Mon Jul 14 23:53:11 UTC 2014
#10267: Login form SSL is confusing
-------------------------------+-----------------------
Reporter: Denis-de-Bernardy | Owner: ryan
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 4.0
Component: Security | Version:
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
-------------------------------+-----------------------
Comment (by jeremyfelt):
It looks like https://wordpress.org/plugins/ssl-subdomain-for-multisite/
does something similar. Not sure if that's likely to be used on many
installations. In my multi-network configuration I set `FORCE_SSL_LOGIN`
and `FORCE_SSL_ADMIN` in sunrise for domains that are deemed SSL ready,
similar to iandunn's example (1) above. This works really well, though I
don't rely on a global auth point. It also haunts me whenever a domain
lives in un-SSL-ready territory for more than a few hours. :)
I think nacin sums it up in
[https://core.trac.wordpress.org/ticket/10267#comment:20 comment:20].
Providing SSL login without SSL admin areas is a false sense of security.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/10267#comment:23>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list