- This topic has 6 replies, 3 voices, and was last updated 8 years, 8 months ago by
.
-
Posts
-
I’m using estore and emember. Is it ok that the login page is unsecured? I’m totally ignorant on the issue, but I’m hoping that securing the login page would b overkill. I just read an article talking about the “dangers” of unsecured login pages. Thanks for your help!
What do you mean by “secured” and “unsecured?” If the login page is “secured” (i.e. protected), how does a person “see it,” in order to log in?
hi. i’m getting set to launch my site and trying to learn what the security issues are that i’m supposed to address. I just installed your security plugin and got the security strength meter up to 230, which i’m hoping is pretty good. I’m also using blogvault to back up my site regularly. Should i be concerned that someone can easily discover the password and username of one of my members (i have a free membership level)? I was thinking that if they can do that, then they can access the link leading to all the videos the member has purchased. I realize there is a point where maybe I should just be happy I made a sale to the original user, and that not everything can be prevented. Your thoughts?
thanks!
Should i be concerned that someone can easily discover the password and username of one of my members (i have a free membership level)? I was thinking that if they can do that, then they can access the link leading to all the videos the member has purchased.
Unless you are running a CIPA complaint website, or Bitcoin exchange, you have no legal obligation to protect your users from themselves. At some point, personal responsibility has to “kick in.” Here is a sample of something you might place in your Terms & Conditions:
A password is a confidential string of keyboard characters, known only to a registered user and the computer system upon which mysite.com operates. The password is the means by which a user authenticates their username to the mysite.com website. Each registered user is accountable for the confidentiality of their own password. If a user’s password becomes compromised, it is the user’s responsibility to change their password. Users are wholly accountable for unauthorized obtainment of information, goods and services that may occur if their password is compromised. Passwords are subject to periodic audits, to determine their “strength.” Users may be advised that their password is “weak,” and that a “stronger” password should be chosen. This advisement, regrading the strength or weakness of a password, does not depreciate a user’s accountability for maintaining the confidentiality of their password.
If you wanted to install SSL certificate on your site and make the member login page more secure (by using HTTPS URL), you are free to do that. The plugin will work fine with SSL certificate.
The setup you have now is perfectly fine in my opinion (you can install SSL certificate later when your site grows).
- You must be logged in to reply to this topic.