Hey, I wrote Semisecure Login Reimagined. I thought I’d respond to a couple posts.
1) Can I take over as the plugin author?
I’d suggest just creating a new fork. Semisecure Login Reimagined started as a fork of Semisecure Login… which was also similar to (and/or based on) Chap Secure Login. There’s a bit of a history of spinning up your own version 🙂
2) This plugin is pointless!
This plugin would NOT stop someone on the network from learning your session ID (i.e. they could pretend to be you within your WP install).
Today, I’d recommend going with an SSL/TLS certificate and signing in over https.
There’s a few places you can get a “real” certificate for free. Or you can just go with a self-signed cert. This will encrypt your entire client -> server communication rather than just encrypting the password part. A self-signed cert doesn’t have the same level of trust as a “real” cert issued by someone trustworthy, but it’s not any less trustworthy than what this plugin offers.
You also don’t need a dedicated IP anymore for https. SNI allows for multiple certs on the same IP. cPanel even added support for it last year. However, some browsers on Windows XP don’t support SNI so that could be a sticking point.
- The topic ‘Notes from the author’ is closed to new replies.