Do not show password, during login, on an insecure channel (without SSL). Use a SHA-256 hash algorithm.
| Author: | Enrico Rossomando (redsend) (profile at wordpress.org) |
| WordPress version required: | 2.5 |
| WordPress version tested: | 5.4.2 |
| Plugin version: | 1.6.6 |
| Added to WordPress repository: | 28-08-2007 |
| Last updated: | 07-06-2020
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
|
| Rating, %: | 62 |
| Rated by: | 8 |
| Plugin URI: | https://www.mrred.it/chap-secure-login-a-word... |
| Total downloads: | 57 055 |
| Active installs: | 1 000+ |
 Click to start download |
|
Whenever you try to login into your website, you can use this plugin to trasmit your password encrypted. The encryption process is done by the Chap protocol; this is particularly useful when you can’t use ssl or other kinds of secure protocols. By activating the ChapSecureLogin plugin, the only information transmitted unencrypted is the username; password is hided with a random number (nonce) generated by the session – and opportunely transformed by the SHA-256 algorithm.
In the first login there will be an error, but don’t worry is only a tecnical error. Indeed in the next login’s operation, if the values are correct, there will not be errors, but you give mind because the password will sended in unencrypted way.
If you want more details about this algorithm, check “Building a CHAP Login System”.
This is a zero-configuration plugin.
Enrico Rossomando (redsend) this is my blog about programming, gaming and startup > https://www.mrred.it
ChangeLog