July 3, 2019 at 12:28 pm #245064
I’m currently using Really Simple SSL plugin on my wordpress website.
And I have a similar problem described at the page below:
To be more precise, the user data is encrypted while logging in.
But user data is not encrypted while user registration.
I wonder if this can be solved by using the Really Simple SSL Pro version.
Thank you.July 3, 2019 at 2:49 pm #245100MarkKeymaster
you could try to enable the 301 .htaccess redirect option. The .htaccess redirect is done before WordPress is loaded, so it should also redirect the registration page to https://.July 3, 2019 at 8:04 pm #245169
Sorry If I misrepresented the issue.
My registration page does start with https:// .
The problem is:
although the registration page starts with https:// ,
the data(username, for example) that is entered and sent to the database while user registration is not encrypted.
The username and password that user enters while logging in are encrypted.
I’d like to know if the Really Simple SSL Pro version will encrypt more strictly.
Since it says, HTTP Strict Transport Security is not enabled. To enable, get Premium.
Thank you.July 3, 2019 at 10:05 pm #245194
I’m not sure how it would be possible that your user data are not encrypted when submitted on a https page. Is the form endpoint not https?July 4, 2019 at 2:43 pm #245398
I’m personally really curious about that too.
(Please note that I’m not a programmer and can’t read or write codes.)
It’s a regular buddypress registration page but the encryption test result shows that the username is not encrypted.
I’m not sure what tool is used for the test.
Some government agency did the test.July 4, 2019 at 9:35 pm #245486
Do you mean the username is not stored encrypted in your database, or that the username is not sent encrypted?
RogierJuly 5, 2019 at 3:26 am #245593
Username is not sent encrypted. Strange.July 5, 2019 at 2:02 pm #245894
If the form endpoint is https, and the website runs on https, the username will be sent encrypted.
If you are really sure the username is not encrypted (which I doubt), there must be a http URL somewhere posting the data insecure. This can indeed by resolve with HSTS, but this can only be the case if the form is submitted with ajax through a non secure URL, or if the endpoint of the form is http.