Securing logins and user info with SSL

Hello my friends,

We use an SSL certificate that is verified, extended validation, 256-bit Secure Sockets Layer encryption for pages which use financial info (e.g. registration, upgrades and billing forms).

We have a user who is concerned about:

A. Logging into our site on public networks because we do not use SSL on the login page, and

B. About pages with user data also not using SSL.

They referenced the codex article:

http://codex.wordpress.org/Administration_Over_SSL

Their concern about packet sniffing user data sent in the clear seems valid.

What are your recommendations about securing login, admin pages and user info pages?

Thank you,

Chris

Thank you for your inquiry.

I’m very sorry for the delay in response.

We have a user who is concerned about:

A. Logging into our site on public networks because we do not use SSL on the login page, and

B. About pages with user data also not using SSL.

While this concern is valid, the only risk here is for the User, because of the network the User is using as I understand it (See: https://en.wikipedia.org/wiki/Packet_analyzer). That being said if you feel that forcing SSL on these pages is necessary on your site, you can do this using the information in the article you posted for login pages, and you force ssl using the same method as you would for your pages with Pro Forms (with s2_force_ssl=yes).

I’m not super experienced with the intricacies of protecting packets with SSL, so I can’t provide much information on this, but I can tell you that we do not force SSL on any pages other than the checkout pages here at s2Member.com, and we are yet to run into any problems.