[Support request] Question before purchase

Home Forums Really Simple SSL pro Question before purchase

This topic contains 7 replies, has 3 voices, and was last updated by  Rogier Lankhorst 2 weeks ago.

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #245064 Reply

    okocha2
    Participant

    Hello,

    I’m currently using Really Simple SSL plugin on my wordpress website.

    And I have a similar problem described at the page below:
    https://buddypress.org/support/topic/registration-page-how-to-get-ssl-working/

    To be more precise, the user data is encrypted while logging in.
    But user data is not encrypted while user registration.

    I wonder if this can be solved by using the Really Simple SSL Pro version.

    Thank you.

    #245100 Reply

    Mark Wolters
    Keymaster

    Hi,

    you could try to enable the 301 .htaccess redirect option. The .htaccess redirect is done before WordPress is loaded, so it should also redirect the registration page to https://.

    #245169 Reply

    okocha2
    Participant

    Hello,

    Sorry If I misrepresented the issue.
    My registration page does start with https:// .

    The problem is:
    although the registration page starts with https:// ,
    the data(username, for example) that is entered and sent to the database while user registration is not encrypted.

    The username and password that user enters while logging in are encrypted.

    I’d like to know if the Really Simple SSL Pro version will encrypt more strictly.
    Since it says, HTTP Strict Transport Security is not enabled. To enable, get Premium.

    Thank you.

    #245194 Reply

    I’m not sure how it would be possible that your user data are not encrypted when submitted on a https page. Is the form endpoint not https?

    #245398 Reply

    okocha2
    Participant

    I’m personally really curious about that too.
    (Please note that I’m not a programmer and can’t read or write codes.)

    It’s a regular buddypress registration page but the encryption test result shows that the username is not encrypted.
    I’m not sure what tool is used for the test.
    Some government agency did the test.

    #245486 Reply

    Do you mean the username is not stored encrypted in your database, or that the username is not sent encrypted?

    Rogier

    #245593 Reply

    okocha2
    Participant

    Username is not sent encrypted. Strange.

    #245894 Reply

    If the form endpoint is https, and the website runs on https, the username will be sent encrypted.

    If you are really sure the username is not encrypted (which I doubt), there must be a http URL somewhere posting the data insecure. This can indeed by resolve with HSTS, but this can only be the case if the form is submitted with ajax through a non secure URL, or if the endpoint of the form is http.

Viewing 8 posts - 1 through 8 (of 8 total)
Reply To: Question before purchase
Your information: