[wp-trac] [WordPress Trac] #10267: Login form SSL is confusing

WordPress Trac noreply at wordpress.org
Mon Jul 14 23:53:11 UTC 2014


#10267: Login form SSL is confusing
-------------------------------+-----------------------
 Reporter:  Denis-de-Bernardy  |       Owner:  ryan
     Type:  defect (bug)       |      Status:  reopened
 Priority:  normal             |   Milestone:  4.0
Component:  Security           |     Version:
 Severity:  normal             |  Resolution:
 Keywords:  needs-patch        |     Focuses:
-------------------------------+-----------------------

Comment (by jeremyfelt):

 It looks like https://wordpress.org/plugins/ssl-subdomain-for-multisite/
 does something similar. Not sure if that's likely to be used on many
 installations. In my multi-network configuration I set `FORCE_SSL_LOGIN`
 and `FORCE_SSL_ADMIN` in sunrise for domains that are deemed SSL ready,
 similar to iandunn's example (1) above. This works really well, though I
 don't rely on a global auth point. It also haunts me whenever a domain
 lives in un-SSL-ready territory for more than a few hours. :)

 I think nacin sums it up in
 [https://core.trac.wordpress.org/ticket/10267#comment:20 comment:20].
 Providing SSL login without SSL admin areas is a false sense of security.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/10267#comment:23>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

