WordPress.org

IMPORTANT TECHNICAL NOTES

• This plugin requires the MD5 Password Hashes plugin for WordPress 2.5 (http://wordpress.org/extend/plugins/md5-password-hashes/).

• For technical reasons, users of this plugin may find they have to attempt to login to their site twice - the first login attempt will fail, the second one will succeed. The reasons for this are beyond the scope of this document. If you really want to know why this is, or if you want to fix it, see the comment headed "README - IMPORTANT NOTE" in semisecure-login.php, included with this document. A full fix for this problem requires a minor edit to WordPress code, so is recommended only for the technically inclined.

Changelog

1.1.0

• Upgrade for WordPress 2.5

1.0.3

• Bug: Fixed "headers already sent" warning when starting sessions.

1.0.2

• Enhancement: Added messages to the login window to indicate whether Semisecure Login is enabled and functional.
• Clarified documentation.

1.0.1

• Enhancement: Forced expiration of the login nonce after its one potential use. Previously, this could stick around and thus would be vulnerable to a replay attack if a session was hijacked.

1.0

• Initial Release