Is it possible to use https instead of http? But be careful: I am a newbie with this! ;)
A user asked me about this. He wants his password encrypted when sending it over the net.
Should work, it's been something I've been meaning to try.
Anyway most of the work is on the server end where you will need to install an X.509 certificate. Buying a certificate can be expensive but you can also get some free ones (with lower crypt levels) or do your own, “self-signed” certificate for free. A self-signed one will give the user an initial security prompt warning since it's self-signed.
Okay, let's forget this. I don't want to install a plugin just for one user. :-X
Ohhh... okay, I misunderstood the question then!
I thought your user wanted to set up the https on his site.
Well, the answer is mostly the same. What I can add is that it may be possible to "protect" just the login page (provided the quick-login is disabled), but then again, doing it without addons may not be possible (even though it may be, using an htaccess redirect of sorts, I think)... more doubts than answers I guess. LOL
That seems like the best option, disable quick login and use htaccess for the login page.
Alternatively someone who knows https could do a plugin just to secure the login system (I don't imagine it would be overly hard, as long as SSL is configured correctly).
If someone does, I can test (I have SSL enabled on my server).
Heh, yes.
Technically, SSL has been cracked since 1997. That said: you will have to install a certificate (not a plug-in) in order to use SSL. The most interesting part is to adjust the theme though. All http: links will destroy your site security.
This is an interesting read:
http://stackoverflow.com/questions/4515283/using-ssl-across-entire-site
I'd like to see the case study on this if you have it handy. That being said, it would stop a lot of the more obvious attempts at data theft (remembering even minimal security is better than no security)
Yes this is correct, the plugin just facilitates the establishment of https throughout the site without the need for htaccess redirects. Having a working SSL configuration takes time and effort, but it needs to be done first.
Not true at all, a link is just that... A link... It seems mostly a non-issue, I run my Wedge-powered forum entirely over SSL and haven't come across any major problems, although that being said from memory if you are showing content inline you may run into problems if the content is http only, but that being said most major sites are moving to https, or alternatively have SSL enabled (think YouTube and Imgur as the major players for inline content) so just link the HTTPS version (again, which is what I do).
It's essentially personal preference, and TBH someone who is looking to investigate would run up a test site to see how it works, and then make an assessment from there.
I could provide some. You could as well search the web for "SSL strip". There are even smartphone apps to do that.
Pointless and even less secure IMO.
It actually takes about 5 minutes, including actually generating and validating the certificate.
Not hyperlinks - link tags (links, not anchors).
If by "plug-in" you mean what I linked, that is just something to help Elk deal with embedding of images from non-https websites, nothing to do with the installation of the certificate. :P
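
The distinction drawn in the thread between link tags and anchors can be checked mechanically on a theme's rendered HTML. The following is an added example, not code from any poster or from the forum software discussed; the sample markup, host names and form field names are constructed.

```python
from html.parser import HTMLParser

# Tag -> attribute that makes the browser fetch or submit data for the page.
# <a href> is left out on purpose: an anchor is navigation, not page content.
SUBRESOURCE_ATTRS = {"link": "href", "script": "src", "img": "src",
                     "iframe": "src", "form": "action"}
# <link> only fetches for some rel values (rel="canonical" does not).
FETCHING_RELS = {"stylesheet", "icon", "preload"}

class InsecureReferenceFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, url)

    def handle_starttag(self, tag, attrs):
        attr = SUBRESOURCE_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not rels & FETCHING_RELS:
            return
        url = (attrs.get(attr) or "").strip()
        if url.lower().startswith("http://"):
            self.findings.append((self.getpos()[0], tag, url))

def find_insecure_references(html):
    """Return (line, tag, url) for each subresource or form target on plain HTTP."""
    finder = InsecureReferenceFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample of theme output; hosts, paths and field names are placeholders.
SAMPLE_THEME = """<html><head>
<link rel="stylesheet" href="http://forum.example/theme/style.css">
<link rel="icon" href="https://forum.example/favicon.ico">
<script src="//cdn.example/lib.js"></script>
</head><body>
<a href="http://other.example/">external page</a>
<img src="HTTP://img.example/banner.png">
<form action="http://forum.example/index.php?action=login2" method="post">
<input type="password" name="passwrd"></form>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_insecure_references(SAMPLE_THEME):
        print(f"line {line}: <{tag}> uses plain HTTP: {url}")
```

The anchor on line 6 of the sample is not reported, while the stylesheet, the image and the login form's action are; the form case is the one that would send the password unencrypted.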