WordPress.org

Forums

Look-See Security Scanner
[resolved] User Sessions are Unencrypted Warning (4 posts)

  1. ec5774
    Member
    Posted 1 year ago #

    I have enabled the FORCE_SSL_ADMIN option in my WordPress installation, yet when I look at the Configuration Analysis tab, it still reports that user sessions are unencrypted.

    Presumably LookSee is only checking for FORCE_SSL_LOGIN but perhaps it should also check for FORCE_SSL_ADMIN which is even better?

    http://wordpress.org/plugins/look-see-security-scanner/

  2. blobfolio
    Member
    Plugin Author

    Posted 1 year ago #

    Hi ec5774,

    Look-See actually checks for both FORCE_SSL_ADMIN and FORCE_SSL_LOGIN, and issues the general warning if either is missing. It is, of course, up to you whether or not you want to follow up any of its recommendations, but I've found that FORCE_SSL_LOGIN happens to foil the majority of brute-force login scripts, as they don't bother to follow the redirect to HTTPS.

  3. ec5774
    Member
    Posted 1 year ago #

    Hi blobfolio

    Thanks for your reply.

    I guess my question is why is it necessary to check for FORCE_SSL_LOGIN if FORCE_SSL_ADMIN is already set since this covers the login page too as per the official documentation at http://codex.wordpress.org/Administration_Over_SSL#To_Force_SSL_Logins_and_SSL_Admin_Access?

    Hence if FORCE_SSL_ADMIN alone is set, surely this should be enough to deactivate the warning?

    Thanks again

  4. blobfolio
    Member
    Plugin Author

    Posted 1 year ago #

    Thank you for clarifying. I see your point! I'll update the program so it doesn't worry about FORCE_SSL_LOGIN if FORCE_SSL_ADMIN is enabled. :)

Topic Closed

This topic has been closed to new replies.
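
The check discussed in this thread, written out as an added example; it is not Look-See's code and not part of the original posts. It audits the text of a wp-config.php offline and compares the original rule (warn if either constant is missing) with the revised rule agreed above. The function names and the sample configuration are constructed for illustration.

```python
import re

# define('NAME', value); for the two constants discussed in the thread.
# PHP function names are case-insensitive, constant names are not.
DEFINE_RE = re.compile(
    r"""(?i:define)\s*\(\s*['"](FORCE_SSL_ADMIN|FORCE_SSL_LOGIN)['"]\s*,\s*([^)]+?)\s*\)\s*;"""
)
ORDER = ("FORCE_SSL_ADMIN", "FORCE_SSL_LOGIN")


def strip_php_comments(source):
    """Remove /* */ blocks and whole-line // or # comments, so a
    commented-out define() is not counted as enabled."""
    source = re.sub(r"/\*.*?\*/", "", source, flags=re.DOTALL)
    return re.sub(r"(?m)^[ \t]*(//|#).*$", "", source)


def ssl_constants(source):
    """Return {constant: enabled}. Only a literal true or 1 counts as
    enabled (a conservative simplification of PHP truthiness)."""
    seen = {}
    for name, raw in DEFINE_RE.findall(strip_php_comments(source)):
        # PHP keeps the first definition; a later redefinition is ignored.
        if name not in seen:
            seen[name] = raw.strip().lower() in ("true", "1")
    return {name: seen.get(name, False) for name in ORDER}


def findings(source, revised=True):
    """List the constants that trigger the 'sessions unencrypted' warning."""
    state = ssl_constants(source)
    if revised and state["FORCE_SSL_ADMIN"]:
        # Revised rule: FORCE_SSL_ADMIN already covers the login page.
        return []
    # Original rule: warn if either constant is missing or disabled.
    return [name for name in ORDER if not state[name]]


# Constructed sample wp-config.php fragment.
SAMPLE = """<?php
// define('FORCE_SSL_LOGIN', true);
define( 'FORCE_SSL_ADMIN', TRUE );
define('FORCE_SSL_ADMIN', false);
"""

if __name__ == "__main__":
    print("original rule:", findings(SAMPLE, revised=False))
    print("revised rule: ", findings(SAMPLE, revised=True))
```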
