bs-wp-encrypt plugin: Encrypt Logins
Filed Under (Tools, WordPress) by DK on 9 April 2008

This simple plugin will ensure that all requests to ‘wp-login.php’ and ‘wp-admin/*’ are redirected over HTTPS. By using HTTPS you mitigate the risk of attackers capturing sensitive information such as usernames and passwords, which when accessed over HTTP provide no level of security.

Please ensure that your site supports HTTPS before enabling this plugin. This can be done by pointing your browser to ‘https://yourblog/wordpress/’.

Please be aware that this plugin is still new and may have some bugs. If you run into problems simply delete the plugin and report the bug to us.

bs-wp-https.php can be downloaded here.

Just rename it to bs-wp-https and drop in in your wp-content/plugins directory. It can be enabled from wp-admin.

Enjoy!

   
Enjoy the article? Please take a second to: Digg it! | StumbleUpon it!

Read and Contribute to BlogSec News!

Comments

durito on 10 April, 2008 at 11:01 am #

could you name maybe the differences to: http://haris.tv/2007/04/24/admin-ssl-new-wordpress-plugin/

thanks!


DK on 10 April, 2008 at 12:31 pm #

durito, its BlogSec project, what more reason do you need? :)

That plugin has 400+ lines of code and looks really messy. Ours is only 100 lines of code and alot cleaner in my opinion, but I’m bias.


LaMi on 10 April, 2008 at 3:09 pm #

1. The version on harris.tv of admin-ssl plugin does not work in wp 2.5. An updated version of that plugin which works in wp 2.5 is available at http://www.kerrins.co.uk/blog/2008/04/wordpress-25-and-admin-ssl-plugin.html

2. One difference I found: With admin ssl I can access the wp-login page via http without being redirected to https.


DK on 10 April, 2008 at 3:29 pm #

LaMi, thanks for sharing man. So in other words 2 points to BlogSec, 0 points to admin-ssl :)


CodeScheme on 11 April, 2008 at 7:01 am #

WordPress security - SSL admin…

A security plug-in to put the admin and login under SSL - interesting and probably not before time as an option.
Of course, you will need SSL on your domain, but certificates don’t cost anything like they used to, it’s just the fun of inst…


Wordpress Security - Encrypt Login Plugin :: Hier, wieder, eins, genialen :: bl0g.at on 11 April, 2008 at 1:06 pm #

[…] Plugin kann hier runtergeladen werden: bs-wp-encrypt plugin: Encrypt Logins von […]


durito on 11 April, 2008 at 3:23 pm #

well thanks for the additional infos. most of them I knew already. however it’s always good to compare new projects with existing once.


Ben Green on 12 April, 2008 at 2:40 pm #

LaMi and DK:

The latest version of admin-ssl, which I am about to release (0.71) forces SSL on wp-login.php as well.

Plus, admin-ssl works just as well for Shared SSL setups, which are usually free.

BCG


LaMi on 12 April, 2008 at 11:53 pm #

I just tried to upload an image to my post. That was not possible until I disabled bs-wp-https plugin. It seems like the plugin does not rewrite the urls of the uploader.


Ben Green on 14 April, 2008 at 2:09 pm #

LaMi: Do you have mod_security enabled?

I found that the new image uploader doesn’t work, you have to disable the POST scanner.


Безопасность WordPress. | Блог Андрейда on 15 April, 2008 at 8:53 pm #

[…] Если Ваш хостер предоставляет SSL, используйте протокол HTTPS для входа в WordPress. Плаггин, реализующий данный функционал здесь. […]


joecr on 4 May, 2008 at 12:35 am #

One thing that “Admin SSL” has going for it is they support a shared SSL without needing to edit the file now. Since I haven’t paid for one & don’t plan on purchasing one I think that is a good feature for me.


Claudia Sommer » Blog Archiv » Wordpress Sicherheit on 25 May, 2008 at 2:19 pm #

[…] genau dies umzusetzen gibt es ein simples PlugIn namens WP Encrypt Plugin. Einfach PlugIn herunterladen, in das PlugIn Verzeichnis kopieren und im AdminPanel […]


Comment
Name:
Email:
Website:
Message: