Login process security; “Login” link in META widget
-
L&G –
If go to my blog without logging in beforehand, ( http://slashdown.wordpress.com ),
the “log in” link in “Meta” is ” http://slashdown.wordpress.com/wp-login.php “.This seems to be an insecure link (“http”, not “https”) – unless security is provided behind the scenes, which is possible.
If this is not the case, the link seems to be in error, regardless of the “secure HTTP” setting in my profile. (and I have “secure” setting there.)
Moreover, I could copy the link, and use it “as is”.
We all know that log-in process should be protected regardless of one’s settings.
So, what’s going on here? Is it a bug, or a feature, or a user’s mistake? :)
TIA,
slashdown. -
The HTTPS option is a user based setting, so if you aren’t logged in yet, WordPress can’t check your settings.
-
< The HTTPS option is a user based setting, so if you aren’t logged in yet, WordPress can’t check your settings. >
Well, I don’t think that this should be a user-based setting.
But regardless of that, as I wrote before:
“We all know that log-in process should be protected regardless of one’s settings.”
It’s not a matter of personal choice, it’s a matter of the site’s responsibility. Allowing insecure logins opens a can of worms for the site and for the users. This goes against all reason and current practice.
-
-
Dear WordPress,
I recently activated a site for a large regional project, pugetsoundfoodnetwork.org. I am trying out various tools and love what I see with WordPress. So thanks for all you have built.
I have similar questions to those from slashdown about privacy and look forward to your reply to his/her question.
Thanks again.
[url delinked – Mark]
-
The forums are largely run by volunteers and thus this is not a good way to communicate with staff. The best way to do that is via your dashboard Support button.
- The topic ‘Login process security; “Login” link in META widget’ is closed to new replies.
WordPress.com Forums 