Look-See Security Scanner
[resolved] User Sessions are Unencrypted Warning (4 posts)

  1. ec5774
    Member
    Posted 5 months ago #

    I have enabled the FORCE_SSL_ADMIN option in my WordPress installation, yet when I look at the Configuration Analysis tab, it still reports that user sessions are unencrypted.

    Presumably LookSee is only checking for FORCE_SSL_LOGIN but perhaps it should also check for FORCE_SSL_ADMIN which is even better?

    http://wordpress.org/plugins/look-see-security-scanner/

  2. blobfolio
    Member
    Plugin Author

    Posted 5 months ago #

    Hi ec5774,

    Look-See actually checks for both FORCE_SSL_ADMIN and FORCE_SSL_LOGIN, and issues the general warning if either is missing. It is, of course, up to you whether or not you want to follow up any of its recommendations, but I've found that FORCE_SSL_LOGIN happens to foil the majority of brute-force login scripts, as they don't bother to follow the redirect to HTTPS.

  3. ec5774
    Member
    Posted 5 months ago #

    Hi blobfolio

    Thanks for your reply.

    I guess my question is why is it necessary to check for FORCE_SSL_LOGIN if FORCE_SSL_ADMIN is already set since this covers the login page too as per the official documentation at http://codex.wordpress.org/Administration_Over_SSL#To_Force_SSL_Logins_and_SSL_Admin_Access?

    Hence if FORCE_SSL_ADMIN alone is set, surely this should be enough to deactivate the warning?

    Thanks again

  4. blobfolio
    Member
    Plugin Author

    Posted 5 months ago #

    Thank you for clarifying. I see your point! I'll update the program so it doesn't worry about FORCE_SSL_LOGIN if FORCE_SSL_ADMIN is enabled. :)
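
The check discussed in this thread, as an added example that is not part of the original posts and is not Look-See's own code: a static audit of a wp-config.php file that evaluates both the original rule (warn if either constant is missing) and the revised rule from the last post. The function names, the sample fragments, and the rule that only a literal `true` or `1` counts as enabled are assumptions made for illustration.

```python
import re

# define('NAME', value) for the two constants discussed in the thread.
# PHP function names are case-insensitive, constant names are not.
_DEFINE_RE = re.compile(
    r"""(?i:define)\s*\(\s*(['"])(FORCE_SSL_ADMIN|FORCE_SSL_LOGIN)\1\s*,\s*([^)]+?)\s*\)"""
)


def strip_php_comments(src):
    """Drop /* */, // and # comments so commented-out defines are ignored.

    Simplification: a regex, not a PHP tokenizer. Line comments must start
    the line or follow whitespace or ';', which leaves URLs such as
    'http://...' inside strings alone.
    """
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.DOTALL)
    return re.sub(r"(?m)(?:^|(?<=[\s;]))(?://|#).*$", "", src)


def ssl_constants(wp_config_text):
    """Return the effective boolean value of each constant (absent = False)."""
    values = {}
    for _quote, name, raw in _DEFINE_RE.findall(strip_php_comments(wp_config_text)):
        # PHP keeps the first definition; a later define() of the same name fails.
        # Assumption: only a literal true / 1 counts as enabled.
        values.setdefault(name, raw.strip().lower() in ("true", "1"))
    return {n: values.get(n, False) for n in ("FORCE_SSL_ADMIN", "FORCE_SSL_LOGIN")}


def session_warning(wp_config_text):
    """Return (original_check, revised_check); True means the warning is shown."""
    c = ssl_constants(wp_config_text)
    original = not (c["FORCE_SSL_ADMIN"] and c["FORCE_SSL_LOGIN"])  # either missing
    revised = not c["FORCE_SSL_ADMIN"]  # FORCE_SSL_LOGIN ignored once ADMIN is on
    return original, revised


# Constructed sample wp-config.php fragments.
ADMIN_ONLY = "<?php\ndefine('FORCE_SSL_ADMIN', true);\n"
COMMENTED = "<?php\n// define('FORCE_SSL_ADMIN', true);\ndefine( \"FORCE_SSL_LOGIN\", TRUE );\n"
BOTH = ("<?php\ndefine('WP_HOME', 'https://example.com'); define('FORCE_SSL_ADMIN', 1);\n"
        "/* define('FORCE_SSL_LOGIN', false); */\ndefine('FORCE_SSL_LOGIN', true);\n")

if __name__ == "__main__":
    for label, cfg in (("admin only", ADMIN_ONLY), ("commented", COMMENTED), ("both", BOTH)):
        print(label, ssl_constants(cfg), session_warning(cfg))
```

The two rules differ only for the configuration in the first post (FORCE_SSL_ADMIN set, FORCE_SSL_LOGIN absent); a commented-out define still triggers the warning under both.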
