Title: http not protected when running https Last modified: August 24, 2016 --- # http not protected when running https * Resolved [tedinoz](https://wordpress.org/support/users/tedinoz/) * (@tedinoz) * [11 years, 1 month ago](https://wordpress.org/support/topic/http-not-protected-when-running-https/) * I’m running on shared hosting with an SSL, WordFence and the Codex hardening precautions. * I had a brute force attack on my login page this week; 90,000 hits from 3 IP addresses in 18 hours, and all directed at my **http** address. However WordFence didn’t respond – it seems to me that all my defences (including WordFence) are focused at the _https_ side. * What am I missing here? Have I failed to properly configure the SSL or Wordfence? * FWIW, after I installed the SSL, WordFence refused to work until I added this to functions.php add_filter( ‘https_local_ssl_verify’, ‘__return_false’ ); * Ted * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/) Viewing 2 replies - 1 through 2 (of 2 total) * [WFBrian](https://wordpress.org/support/users/wfbrian/) * (@wfbrian) * [11 years ago](https://wordpress.org/support/topic/http-not-protected-when-running-https/#post-6051105) * Hi Ted, * I’m running Wordfence on a http only site and it detects issues. There shouldn’t be any difference between http and https as far as Wordfence is concerned. * -Brian * Thread Starter [tedinoz](https://wordpress.org/support/users/tedinoz/) * (@tedinoz) * [11 years ago](https://wordpress.org/support/topic/http-not-protected-when-running-https/#post-6051121) * The more I think about this, the more likely it is that my problem is server/ configuration oriented. I don’t think it is a WordFence issue. * Our SSL is pretty new and I’m struggling to understand why the attacks would appear on the cPanel “http” raw access logs, but NOT on the cPanel “SSL” raw access logs. * In essence, the hits from the attack didn’t get referred to the https address. I think this is why WordFence didn’t deal with them. * Ted Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘http not protected when running https’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) ## Tags * [SSL](https://wordpress.org/support/topic-tag/ssl/) * 2 replies * 2 participants * Last reply from: [tedinoz](https://wordpress.org/support/users/tedinoz/) * Last activity: [11 years ago](https://wordpress.org/support/topic/http-not-protected-when-running-https/#post-6051121) * Status: resolved