Comments on: Semisecure Login Reimagined

By: Wordpress security dissected and analyzed: Part 2 | Bandit Defense

Wordpress security dissected and analyzed: Part 2 | Bandit Defense — Tue, 28 Apr 2009 08:27:53 +0000

[...] you don’t have an SSL certificate on your server, Semisecure
Login Reimagined is a wonderful plugin. I explained its usefulness
in a previous [...]

By: moggy

moggy — Mon, 16 Mar 2009 07:25:12 +0000

Sorry about that. Looks like there was a typo. I just pushed an update to fix the issue.

By: Álvaro Degives-Más

Álvaro Degives-Más — Sun, 15 Mar 2009 06:16:22 +0000

Scratch that… I installed the previous version (1.4.0) created
the keys, upgraded to the current, problem solved. :-) Works like a
charm. Thanks!

By: Álvaro Degives-Más

Álvaro Degives-Más — Sat, 14 Mar 2009 22:49:21 +0000

Hi Moggy, the plugin is really awesome. Thanks so much! I have a WP
based site I maintain for a non-profit, which gives me a puzzling
error upon activation of the plugin:

Parse error: syntax error, unexpected ‘;’, expecting ‘)’ in
/[path-to]/public_html/wp-content/plugins/semisecure-login-reimagined/SemisecureLoginReimagined_RsaKeys.php
on line 73

I can’t figure out what’s going wrong there… It
activates, but seemingly won’t generate the keys, no matter the
setting I choose. Could you point me in the right direction?
Server’s running PHP5.2… Dunno what other info might be helpful
to you. Thanks in advance!

By: JeKoPhoto

JeKoPhoto — Mon, 09 Mar 2009 18:40:40 +0000

Moggy, thanks for pointing that out – I was not be aware of this by
now. In fact it would be sensless in this circumstances to en- and
decrypt the username. Thanks again, Jens

By: moggy

moggy — Mon, 09 Mar 2009 07:53:47 +0000

Jens –
The default cookie(s) that WordPress uses stores your username as plain-text. So there’s no point in encrypting the username when logging in since it’s going to be sent “over the wire” 3 seconds later anyway.

By: m0rebel

m0rebel — Mon, 09 Mar 2009 02:12:12 +0000

I recently discovered this plugin and it’s awesome! I have a
computer security blog and I just wrote a post recommending it.
Check it out:
http://blog.banditdefense.com/2009/03/08/wordpress-password-security-on-a-budget/

By: Wordpress password security on a budget | Bandit Defense

Wordpress password security on a budget | Bandit Defense — Mon, 09 Mar 2009 02:01:52 +0000

[...] the Semisecure Login Reimagined Wordpress plugin. If you
can’t afford SSL for your website, this is your next best bet. On
[...]

By: JeKoPhoto

JeKoPhoto — Tue, 03 Mar 2009 18:16:33 +0000

Moggy, first I want to thank you for this great plugin! It is a
really good choice for those who are not able to use ssl. Did you
thought about encrypting the username too? I think this could
improve the level of security. So there would be absolutely no
login information which goes unencrypted through the net and an
possible attacker did not know the half of the needed information
;-) Would be interested what you are thinking about. Cheers, Jens

By: Les extensions WordPress de Mind Overflow | Mind Overflow

Les extensions WordPress de Mind Overflow | Mind Overflow — Mon, 29 Dec 2008 19:27:58 +0000

[...] Semisecure Login Reimagined (1.4.0) : permet de chiffrer
certains éléments du blog grâce à un système de clé privée/clé
publique basé sur le RSA. [...]