cancel
Showing results for 
Search instead for 
Did you mean: 

Suddenly getting "not secure" warnings across browsers for my wordpress login

As of two days ago, I am getting warned by both Firefox and Chrome that my wordpress login page is not secure. Running Windows 8.1, up to date, and with updated browsers. As far as I know I've never had a SSL certificate for this site. Please help.

 

Things I've already done:

1. Checked that date and time are correct on my computer (I did remove my BIOS battery recently for unrelated reasons, but time and date are correct within Windows). Problem exists across machines anyway.

2. Renamed plugins directory to insure a plugin wasn't causing it. No change. 

3. Played around with config file (adding SSL force lines), which only resulted in the warning messages switching from "not secure" to "not private."

2 REPLIES 2

Re: Suddenly getting "not secure" warnings across browsers for my wordpress login

Additional questions, while I'm at it:

 

1. If I do not physically enter the password, but instead allow Firefox or Chrome to enter it automatically, is it still vulnerable to theft?

2. Do most simple wordpress sites have SSL certificates? I've had a wordpress site for years without running into this issue.

3. Would I have to pay for managed wordpress from Go Daddy to get SSL?

Super User III Super User III
Super User III

Re: Suddenly getting "not secure" warnings across browsers for my wordpress login

The web is moving to be a more secure place, and browsers are implementing sterner warnings.  With the login fields on the page in question the browsers know that sensitive information would potentially be sent over an unsecure connection.

 

  1.  Yes, 'password vaults' do not change how the data is transmitted.
  2.  It is recommended.
  3.  No, you should be able to get an SSL on a shared hosting account.

 

On a side note, when talking about security it is also important to keep any computer you access the admin with protected with up-to-date anti-virus and malware software.

 

Either type of attack are often now automated.  The size of the site may not be a factor with bots just looking for sites with certain vulnerabilities.