Support » Plugin: Look-See Security Scanner » User Sessions are Unencrypted Warning

  • Resolved ec5774

    (@ec5774)


    I have enabled the FORCE_SSL_ADMIN option in my WordPress installation, yet when I look at the Configuration Analysis tab, it still reports that user sessions are unencrypted.

    Presumably LookSee is only checking for FORCE_SSL_LOGIN but perhaps it should also check for FORCE_SSL_ADMIN which is even better?

    http://wordpress.org/plugins/look-see-security-scanner/

  • Plugin Author blobfolio

    (@blobfolio)

    Hi ec5774,

    Look-See actually checks for both FORCE_SSL_ADMIN and FORCE_SSL_LOGIN, and issues the general warning if either is missing. It is, of course, up to you whether or not you want to follow up any of its recommendations, but I’ve found that FORCE_SSL_LOGIN happens to foil the majority of brute-force login scripts, as they don’t bother to follow the redirect to HTTPS.

    Hi blobfolio

    Thanks for your reply.

    I guess my question is why is it necessary to check for FORCE_SSL_LOGIN if FORCE_SSL_ADMIN is already set since this covers the login page too as per the official documentation at http://codex.wordpress.org/Administration_Over_SSL#To_Force_SSL_Logins_and_SSL_Admin_Access?

    Hence if FORCE_SSL_ADMIN alone is set, surely this should be enough to deactivate the warning?

    Thanks again

    Plugin Author blobfolio

    (@blobfolio)

    Thank you for clarifying. I see your point! I’ll update the program so it doesn’t worry about FORCE_SSL_LOGIN if FORCE_SSL_ADMIN is enabled. 🙂
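
The check discussed in this thread, as an added example that is not Look-See's own code: a Python sketch that reads the two constants from the text of a wp-config.php file and evaluates the warning both as first described (warn if either is missing) and as revised at the end of the thread. The function names and the sample config are constructed for illustration, and only a literal `true` or `1` is treated as enabled.

```python
import re

# One pass over the file: string literals are kept, comments are dropped.
# wp-config.php salts routinely contain '#', '//' or '/*', so comments
# cannot be stripped safely without recognising strings first.
TOKEN_RE = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*""",
    re.DOTALL,
)
# define() is case-insensitive as a function name; constant names are not.
DEFINE_RE = re.compile(
    r"""(?i:define)\s*\(\s*['"](FORCE_SSL_ADMIN|FORCE_SSL_LOGIN)['"]\s*,\s*(\w+)\s*\)"""
)

def strip_comments(php):
    """Remove PHP comments while leaving quoted strings untouched."""
    keep_strings = lambda m: m.group(0) if m.group(0)[0] in "'\"" else ""
    return TOKEN_RE.sub(keep_strings, php)

def ssl_constants(php):
    """Return which of the two constants are enabled in wp-config.php text."""
    found = {}
    for name, value in DEFINE_RE.findall(strip_comments(php)):
        # PHP ignores a second define() of the same constant: first one wins.
        found.setdefault(name, value.lower() in ("true", "1"))
    return {n: found.get(n, False) for n in ("FORCE_SSL_ADMIN", "FORCE_SSL_LOGIN")}

def warns_original(c):
    """Behaviour first described in the thread: warn if either is missing."""
    return not (c["FORCE_SSL_ADMIN"] and c["FORCE_SSL_LOGIN"])

def warns_revised(c):
    """Behaviour agreed at the end: FORCE_SSL_ADMIN alone clears the warning."""
    return not c["FORCE_SSL_ADMIN"]

# Constructed sample, not taken from any real site.
SAMPLE = r"""<?php
define('AUTH_KEY', 'k#9/*x//not-a-comment');  // constructed salt
# define('FORCE_SSL_LOGIN', true);
/* define('FORCE_SSL_LOGIN', true); */
define( 'FORCE_SSL_ADMIN', true );
define('FORCE_SSL_ADMIN', false);
"""

if __name__ == "__main__":
    c = ssl_constants(SAMPLE)
    print(c, "original warns:", warns_original(c), "revised warns:", warns_revised(c))
```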
