July 20, 2014 at 7:07 pm #11211
I’m using estore and emember. Is it ok that the login page is unsecured? I’m totally ignorant on the issue, but I’m hoping that securing the login page would be overkill. I just read an article talking about the “dangers” of unsecured login pages. Thanks for your help!
July 20, 2014 at 8:10 pm #64484 wzp Moderator
What do you mean by “secured” and “unsecured?” If the login page is “secured” (i.e. protected), how does a person “see it,” in order to log in?
July 20, 2014 at 9:59 pm #64485
hi. i’m getting set to launch my site and trying to learn what the security issues are that i’m supposed to address. I just installed your security plugin and got the security strength meter up to 230, which i’m hoping is pretty good. I’m also using blogvault to back up my site regularly. Should i be concerned that someone can easily discover the password and username of one of my members (i have a free membership level)? I was thinking that if they can do that, then they can access the link leading to all the videos the member has purchased. I realize there is a point where maybe I should just be happy I made a sale to the original user, and that not everything can be prevented. Your thoughts?
thanks!
July 20, 2014 at 10:35 pm #64486 wzp Moderator
Should i be concerned that someone can easily discover the password and username of one of my members (i have a free membership level)? I was thinking that if they can do that, then they can access the link leading to all the videos the member has purchased.
Unless you are running a CIPA compliant website, or Bitcoin exchange, you have no legal obligation to protect your users from themselves. At some point, personal responsibility has to “kick in.” Here is a sample of something you might place in your Terms & Conditions:
A password is a confidential string of keyboard characters, known only to a registered user and the computer system upon which mysite.com operates. The password is the means by which a user authenticates their username to the mysite.com website. Each registered user is accountable for the confidentiality of their own password. If a user’s password becomes compromised, it is the user’s responsibility to change their password. Users are wholly accountable for unauthorized obtainment of information, goods and services that may occur if their password is compromised. Passwords are subject to periodic audits, to determine their “strength.” Users may be advised that their password is “weak,” and that a “stronger” password should be chosen. This advisement, regarding the strength or weakness of a password, does not depreciate a user’s accountability for maintaining the confidentiality of their password.
July 20, 2014 at 11:02 pm #64487
Sounds good to me! thanks.
July 20, 2014 at 11:58 pm #64488 admin Keymaster
If you wanted to install an SSL certificate on your site and make the member login page more secure (by using an HTTPS URL), you are free to do that. The plugin will work fine with an SSL certificate.
The setup you have now is perfectly fine in my opinion (you can install an SSL certificate later when your site grows).
July 21, 2014 at 2:45 am #64489
thanks again. by the way, i just enabled the cookie/brute force attack feature and i didn’t get locked out, so I guess that’s working. But just wanted to mention that the link to the tutorial video wouldn’t work for me. I appreciate all the help.