WordPress.org

Ready to get started?Download WordPress

Forums

Theme My Login
No support for SSL certificates? (5 posts)

  1. fwchapman
    Member
    Posted 3 years ago #

    This is a very nice plugin, and I like it a lot. There is one important thing missing, however: It doesn't force me to log in securely using my site's SSL certificate. Before I installed this plugin, forced SSL logins were the default on my site. Would it be possible for this plugin to support forced SSL logins in the future?

    Thanks very much,

    Fred Chapman
    Web Consultant
    F.W. Chapman Solutions

    http://wordpress.org/extend/plugins/theme-my-login/

  2. Jeff Farthing
    Member
    Plugin Author

    Posted 3 years ago #

    It's supposed to already. I'll look into it when I get a chance.

  3. fwchapman
    Member
    Posted 3 years ago #

    Thanks, Jeff! I looked at the HTML which the plugin generates, and its not using HTTPS to post the login form data. I'm using another plugin called WordPress HTTPS to force SSL logins on the default login form. -Fred

  4. datapharmer
    Member
    Posted 3 years ago #

    Jeff, I can now verify this problem. With theme-my-login enabled if a user goes to an http login page it sends their data insecurely and then redirects them to the https version of the login page before they can actually sign in. Strangely, trying to do a php or apache redirect from http://domain.com/login to https://domain.com/login results in a redirect loop, although I haven't had the time to figure out exactly why that is happening so far. Example to reproduce redirect loop: install and activate WPSSL (WordPress with SSL) plugin, mark the theme-my-login page as force ssl in the wordpress editor and click update.

    Details: multisite subfolder install, using cloudflare

  5. fwchapman
    Member
    Posted 3 years ago #

    Jeff,

    I've revisited this problem and found a solution which meets my needs. Here are the details.

    I am using the WordPress HTTPS plugin to force the use of SSL on the login page created by Theme My Login. Since your plugin uses a relative URL to post the login form data, the HTTPS protocol is automatically inherited from the page as a whole. That means the username and password are submitted securely, and my problem is solved!

    Now that I'm using your plugin, I really appreciate what a handy piece of software it is. I especially like having the ability to customize login and logout redirection for different user roles.

    Thanks very much,

    Fred

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic