[wp-trac] [WordPress Trac] #10267: Login form SSL is confusing
WordPress Trac
noreply at wordpress.org
Thu May 29 03:56:49 UTC 2014
#10267: Login form SSL is confusing
-------------------------------+-----------------------
Reporter: Denis-de-Bernardy | Owner: ryan
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 4.0
Component: Security | Version:
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
-------------------------------+-----------------------
Changes (by nacin):
* milestone: Future Release => 4.0
Comment:
Time to retire login SSL. Admin or GTFO. Upcoming commit forces SSL in the
admin if you had FORCE_SSL_LOGIN set.
The alternative is to let it rot / discourage its use / issue a
deprecation notice. But if someone wants FORCE_SSL_LOGIN they probably
care about security more than the potential for trouble. The current
security is smoke and mirrors, while a lot of that trouble (like mixed
content issues) do plan to be fixed in 4.0.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/10267#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list