WordPress.org

Ready to get started?Download WordPress

Forums

Login Encrypt issue... (7 posts)

  1. LJagermaster
    Member
    Posted 4 years ago #

    I installed/activated the Login Encrypt plugin, was thrown at first when it appeared twice in the list but apparently there's a genuine reason for this.

    Tried to login to the subscriber I gave myself and hit a 404 error stone wall! There are no options available with the plugin so I can only ask if anyone's encountered this issue before and knows of a solution?

    Thanks in advance,

    Lee C

    UPDATE: I deactivated the one that was activated automatically and the other one kicked in, solving this issue...

  2. LJagermaster
    Member
    Posted 4 years ago #

    Just curious, does anyone know for sure if this plugin actually does anything? By that I mean, although it finally seems to be working (I'm able to login with no apparent issues) does it actually encrypt the login details, therefore providing the protection & security it claims to? I kept both eyes on the address bar on one login attempt and the "http" didn't once change to "https" and on another I stared at the padlock icon and it didn't change either!

    I realise this is a free plugin and appreciate the time that's went into creating it, but I need to be sure it definitely provides some form of security (I have purchased SSL functionality - dedicated IP and such - but apparently the "secure connection" alone isn't enough to protect login details...according to my host anyways...)...

  3. That plugin is dated 2007 according to the page at

    http://wordpress.org/extend/plugins/login-encryption/

    I would be impressed that it does anything since it worked up to WordPress 2.0.

    If you can get a working SSL certificate installed on your web server (I use http://www.startssl.com/ free and excellent) then all you should need to do is add define('FORCE_SSL_ADMIN', true); and you should be fine.

    You credentials will be transmitted encrypted using the https part of your server and most of the admin elements in your page will be via SSL too.

    See http://codex.wordpress.org/Administration_Over_SSL for more info on the topic.

  4. LJagermaster
    Member
    Posted 4 years ago #

    I asked my host to install a self-signed certificate, which according to them works exactly the same as a commercial one from the likes of VeriSign or Thwawte, but it's just "not trusted" by browsers. I considered Start SSL and another similar free service I came across but apparently I'm only allowed one certificate in total (my first project is under a subdomain of what will be my main network). Hence my need for this to be handled by a plugin. I'll look into it more tomorrow though, thanks jdembowski for the info.

  5. LJagermaster
    Member
    Posted 4 years ago #

    On the note of define('FORCE_SSL_ADMIN', true);, I tried adding it manually on another site a while back and it caused a bunch of errors, I'm assuming I put in the wrong part of the wp-config.php file so is anyone able to describe precisely where that line should go? :-/

  6. LJagermaster
    Member
    Posted 4 years ago #

    Really need to know asap... I tried adding it within the
    "Authentication Unique Keys"
    area, giving:

    /**#@+
    * Authentication Unique Keys.
    *
    * Change these to different unique phrases!
    * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/ WordPress.org secret-key service}
    * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
    *
    * @since 2.6.0
    */
    define('AUTH_KEY', '**key hidden**');
    define('SECURE_AUTH_KEY', '**key hidden**');
    define('LOGGED_IN_KEY', '**key hidden**');
    define('NONCE_KEY', '**key hidden**');
    define('FORCE_SSL_ADMIN', true);
    /**#@-*/

    I even tried the define('FORCE_SSL_LOGIN', true); variable but no SSL implementation seems to be taking place (no https:// and no padlock changes). I know that SSL support is there, I tried the Force SSL plugin which proved this to be true, but it transformed my entire site into an SSL site and prevented me from accessing the admin area.

    I've had to start promoting the site now as I'm already way behind schedule, so any help with this would be greatly appreciated...

  7. Backup your WordPress database and files. Get ready to restore them if the "bad thing" happens.

    First, test if you have SSL installed correctly. The easiest way to do that is do this:

    https://YOUR-BLOG-URL-HERE/readme.html

    If you get the WordPress readme.html without any goofy certificate errors, then you are fine.

    Now disable any plugins that have anything to do with authentication and SSL. You don't need them.

    Make another backup of your wp-config.php file and put that somewhere safe. Now copy wp-config-sample.php to wp-config.php and insert your DB_NAME, DB_USER, DB_PASSWORD, and DB_HOST into that new copy.

    See the line that says define ('WPLANG', '');? Right after that insert these lines

    define('FORCE_SSL_ADMIN', true);
    define('FORCE_SSL_LOGIN', true);

    Per the codex, both lines should not be needed. But that's what I have in my file. You should still insert this part

    https://api.wordpress.org/secret-key/1.1/

    But one thing at a time.

    If this tanks your installation, then restore that backup you made at the beginning and you'll be back to square one with no harm done.

Topic Closed

This topic has been closed to new replies.

About this Topic