Semisecure Login Reimagined WordPress Plugin

Semisecure Login Reimagined Wordpress Plugin Free download

  • Semisecure Login Reimagined Free download , Semisecure Login Reimagined Wordpress Plugin download , Semisecure Login Reimagined extension download for Wordpress
  • Minimum WordPress Version Required:
    Wordpress 3.1 or higher
  • WordPress version Compatible Upto
    WordPress 3.1.4
  • Active Installs
    Requires: 3.1 or higher Compatible up to: 3.1.4 Last Updated: 6 years ago
  • Plugin Total downloads:
    47.6K +
Semisecure Login Reimagined wordpress plugin Download

Semisecure Login Reimagined WordPress Plugin overview

Semisecure Login Reimagined Wordpress Plugin is used to "Re-imagined" version of Semisecure Login that uses public and secret-key encryption to encrypt passwords when logging in..

Please note that I've moved away from WordPress for the time being. I have no plans to continue updating my plugins. If someone was thinking of forking this project, now would be the time.

Semisecure Login Reimagined increases the security of the login process by using a combination of public and secret-key encryption to encrypt the password on the client-side when a user logs in. JavaScript is required to enable encryption. It is most useful for situations where SSL is not available, but the administrator wishes to have some additional security measures in place without sacrificing convenience.

This plugin is a "re-imagining" of the original Semisecure Login (which used one-way MD5 hashing). This version works with the new phpass hashed passwords that WordPress uses, as well as maintaining backwards compatibility with the older (pre WordPress 2.5) MD5 hashed passwords. Theoretically, it will also work with any other hashing algorithm (because this plugin simply adds an extra layer in the process rather than trying to authenticate anything itself).

This plugin requires PHP to be compiled with openssl support, which is a pretty standard option for most hosts.

How does this work? A user attempts to log in via the login page. If JavaScript is enabled, a secret-key is generated and used to encrypt the password along with a nonce, the public-key encrypts the secret-key, and the original (unencrypted) password is not sent. The server decrypts the secret-key with the private-key which is used to decrypt the password+nonce. The nonce is verified before handing the password over to WordPress for verification. If JavaScript is not enabled, the password is sent in cleartext just like normal. This is inherently insecure over plaintext channels, but it is the default behavior of WordPress. How do I know this plugin is working? When the login form is displayed, the message "Semisecure Login is enabled" will appear underneath the Username and Password fields. If for some reason it isn't working (i.e., if JavaScript is not enabled, or you're running a browser that doesn't support certain necessary JavaScript functions), the message will read, "Semisecure Login is not enabled! Please enable JavaScript and use a modern browser to ensure your password is encrypted." Note: v2.0 adds support for encrypting passwords on the user administration pages. In this case, the message "Semisecure Login is enabled" will only appear if the option has been activated (and JavaScript is enabled). If not, then nothing will be displayed. Is this really secure? Short answer: No, but it's better than nothing. Without SSL, you're going to be susceptible to replay attacks/session hijacking no matter what. What this means is that if someone is able to guess or learn the session ID of a logged-in user (which would be trivial to do in an unprotected wireless network), then essentially they could do anything to your WordPress site by masquerading as that user. So what's the point? The point of this is to prevent your password from being transmitted in the "clear." If someone is in a position where they can learn your session ID, under normal circumstances, they'd also be able to learn your password. The proper use of this plugin removes that possibility. How can I make my site REALLY secure? Use SSL. This means you'll have to have a dedicated IP (which usually costs additional money) and an SSL certificate (which is expensive for a "real" one, but if you're just using this for your own administration purposes, a "self-signed" certificate would probably suffice). Any more detail on these two things is beyond the scope of this document.;

Semisecure Login Reimagined Wordpress Plugin free download

Here is the Semisecure Login Reimagined wordpress plugin download link you can download and install to your Wordpress blog

Download Semisecure Login Reimagined Wordpress plugin directly

Download Semisecure Login Reimagined from wordpress Plugin repostiory

Semisecure Login Reimagined WordPress plugin Alternatives

Semisecure Login Reimagined Mozilla Addons

Semisecure Login Reimagined Chrome Extension

 
 
Google chrome extensions Download

We collect the latest most useful Google chrome extension from Google chrome Extensions directory . You can download Chrome extensions directly from here.