[wp-trac] [WordPress Trac] #47059: Site Health Check: bogus warnings about need for SSL on localhost
WordPress Trac
noreply at wordpress.org
Sat Apr 27 15:21:05 UTC 2019
#47059: Site Health Check: bogus warnings about need for SSL on localhost
----------------------------+-----------------------------
Reporter: DavidAnderson | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: trunk
Severity: normal | Keywords:
Focuses: |
----------------------------+-----------------------------
Site Health Check will tell the user that his security would be improved
with an SSL certificate, even on a development site on localhost (i.e.
loopback networking interface).
MITM cannot be performed on a loopback interface (except by root, but root
on either end has full access to the data before/after the application of
SSL anyway), so this is a bogus warning that will ultimately only train
users to believe that "Site Health Check's" information is only sometimes
reliable, which will be counter-productive.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47059>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list