Password parameter on wordpress login page

  • lalitavalon

    (@lalitavalon)


    8 years, 7 months ago

    Hi,

    There is a question related to the security.
    When we login the wordpress backend like wp-admin and enter the username and password for the same.
    the username and password pass on the network and all the information related to username and password are in the form of plain text when we inspect the filed in firefox browser. Is there any way to secure or encrypt this information before send over the network. Because if this information will be plain text there is a chance to hacking.
    I think wordpress should handle and it should be your responsiblity to encrpt the information before sending. But I do not know why the information are in the plain text.
    Is there something that i missing.

    Please let me know.
    WHat we have to do and how can we secure this information

    • This topic was modified 8 years, 7 months ago by lalitavalon.
Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    8 years, 7 months ago

    Is there any way to secure or encrypt this information before send over the network.

    Install an SSL certificate so your site uses https protocol. Encryption takes place at a level above WordPress in the stack.

    Contact your host to see if it supports the free LetsEncrypt SSL certificates.

    Thread Starter lalitavalon

    (@lalitavalon)

    8 years, 7 months ago

    hi, Thanks for the reply.

    But there is a question If i install the SSL certificate on the website still when I inspect the code in firefox browser and inspect on the network and visit params tab it is showing the login username and password in plain text.

    let take a example of wordpress.org website You have implaemented SSl certificate on the website but still as i am seeing username and password are in plain text.
    As for please click on the link I took a screenshot for the same.
    [redacted]
    As you said after installing the SSL on the website thsese information are encrpted but what is this?

    Please help me in the same

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    8 years, 7 months ago

    If you install a cert and make an https connection, everything going between the browser and the site is encrypted. The inspector is showing you what happens pre/post encryption. If you want to monitor network traffic, you need to use tcpdump or similar operating system-level utility.

    Thread Starter lalitavalon

    (@lalitavalon)

    8 years, 7 months ago

    Hi, Thanks again for the reply.
    have you open the link of screenshot that i shared with you.
    I enter the username and password on ssl website wordpress.org and inspect the code it is showing the username and password in clear text.

    If wordpress.org is a SSL certified website why it is showing the username and password as a plain text. it should be in encrypted way.
    Please clear to me for the same

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    8 years, 7 months ago

    I removed the link to your screenshot. Please change your password IMMEDIATELY.

    See my prior response. You are not looking at the data *as it goes over the network*.

    Thread Starter lalitavalon

    (@lalitavalon)

    8 years, 7 months ago

    Thanks again for response.
    Can we secure it at local or pre/post encrption also if we inspect the code it shows encrypted rather than clear text even we have SSL.

    If it is possible it would be very helpful for me.

    • This reply was modified 8 years, 7 months ago by lalitavalon.
Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Password parameter on wordpress login page’ is closed to new replies.