[wp-testers] WP-login form actions

Matt speedboxer at gmail.com
Tue Jan 23 18:44:08 GMT 2007


This seems like a good idea. Also, if you had a SSL certificate installed on
another domain (such as using a shared certificate that a lot of hosts give
you access to) you'd be able to put wp-login.php on that other SSL domain.


On 1/22/07, Sean Hayford O'Leary <sdho at sdho.org> wrote:
>
> I was thinking about this situation. Say you have your WP install at
> http://site.com but have SSL and wish to encrypt your password when
> you log in (for good reason). So you set the WordPress address to
> httpS://site.com and log in at httpS://site.com/wp-login.php.
>
> This works fine. BUT if you log in at http://site.com/wp-login.php
> (which is not exactly unlikely -- many users append "wp-login.php"
> when visiting their blog) it won't send the information to
> httpS://site.com/wp-login.php, it'll send it to
> http://site.com/wp-login.php. Sorry for the capital Ss, didn't want
> any confusion. Of course it's not just SSL -- any time you have that
> same file accessible from more than one address, problems arise.
>
> So, would there be any problem with using the wpurl setting when
> sending the form? Like on line 344, instead of:
>
> <form name="loginform" id="loginform" action="wp-login.php" method="post">
>
> we had
>
> <form name="loginform" id="loginform" action="<?php
> bloginfo('wpurl'); ?>/wp-login.php" method="post">
>
> What do you guys think?
>
> --
> Sean Hayford O'Leary
> http://sdho.org
> _______________________________________________
> wp-testers mailing list
> wp-testers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-testers
>



-- 
Matt (speedboxer at gmail.com)


More information about the wp-testers mailing list