Support » Plugin: Look-See Security Scanner » User Sessions are Unecrypted Warning

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Blobfolio


    Hi ec5774,

    Look-See actually checks for both FORCE_SSL_ADMIN and FORCE_SSL_LOGIN, and issues the general warning if either is missing. It is, of course, up to you whether or not you want to follow up any of its recommendations, but I’ve found that FORCE_SSL_LOGIN happens to foil the majority of brute-force login scripts, as they don’t bother to follow the redirect to HTTPS.

    Hi blobfolio

    Thanks for your reply.

    I guess my question is why is it necessary to check for FORCE_SSL_LOGIN if FORCE_SSL_ADMIN is already set since this covers the login page too as per the official documentation at

    Hence if FORCE_SSL_ADMIN alone is set, surely this should be enough to deactivate the warning?

    Thanks again

    Plugin Author Blobfolio


    Thank you for clarifying. I see your point! I’ll update the program so it doesn’t worry about FORCE_SSL_LOGIN if FORCE_SSL_ADMIN is enabled. 🙂

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘User Sessions are Unecrypted Warning’ is closed to new replies.