PriMoThemes — now s2Member® (official notice)

This is now a very OLD forum system. It's in READ-ONLY mode.
All community interaction now occurs at WP Sharks™. See: new forums @ WP Sharks™

One-Way Password Encryption

s2Member Plugin. A Membership plugin for WordPress®.

One-Way Password Encryption

Postby pualsline » July 30th, 2011, 7:50 pm

I am not very familiar with website design. I am getting a lot closer and have learned a lot (mostly thanks to this site). Thanks for all your help first of all.

Secondly, I am wanting to make sure my site is secure. I made an Unique Security Encryption Key, Brute Force Login Protection, and added Unique IP Access Restrictions. The only thing left is One-Way Password Encryption for me to get my security badge. I read through the description

This website stores passwords with a One-way Encrypted Hash, using only a "hashed" version of your password for future comparison. This means that your plain text password is not stored anywhere, and therefore cannot be stolen and/or shared through this website. Only an encrypted "hash" is known, with no way to decode the actual value of the password itself (e.g. a One-way Encrypted Hash). This One-way Encrypted Hash allows the site to verify a cryptographic hash algorithm, and if the hash value generated from your entry ( during an attempt to log in ) matches the One-way Encrypted Hash stored in the password database, you are permitted access. The One-way Encrypted Hash value is created by applying a hash function (using cryptographic methodologies) to a string consisting of the submitted password, and another value known as a Salt. The Salt is unique to this site, and it prevents attackers from easily building a list of One-way Encrypted Hash values for common passwords.


This is my limited knowledge coming out, but I don't understand how to do this. Please help...I want my site to be secured.
User avatar
pualsline
Registered User
Registered User
 
Posts: 11
Joined: July 23, 2011

Re: One-Way Password Encryption

Postby Cristián Lávaque » July 31st, 2011, 12:02 am

I'm glad we've been able to help you so far. :)

The password with One-way Encrypted Hash is already done by WordPress, that's how it stores passwords. It's added to the badge to show your members another security feature of your website.

Does that help?
Cristián Lávaque http://s2member.net
Is s2Member working for you? Please rate it Image at WordPress.org. Thanks! :)
User avatar
Cristián Lávaque
Developer
Developer
 
Posts: 6836
Joined: December 22, 2010

Re: One-Way Password Encryption

Postby pualsline » July 31st, 2011, 8:02 am

Well, this adds a new level of confusion to me. I have done all the other levels of security to get my badge to verify, but it hasn't done so.
User avatar
pualsline
Registered User
Registered User
 
Posts: 11
Joined: July 23, 2011

Re: One-Way Password Encryption

Postby Cristián Lávaque » July 31st, 2011, 8:23 pm

Could you show me a screenshot of your Security Badge panel? WP Admin -> s2Member -> General Options -> Security Badge

Also, what's the URL to your WordPress installation with s2Member?
Cristián Lávaque http://s2member.net
Is s2Member working for you? Please rate it Image at WordPress.org. Thanks! :)
User avatar
Cristián Lávaque
Developer
Developer
 
Posts: 6836
Joined: December 22, 2010

Re: One-Way Password Encryption

Postby pualsline » August 1st, 2011, 10:35 am

www.swanprops.com (website is still in development and nowhere near done)
Securitybadge1.jpg

Securitybadge2.jpg
User avatar
pualsline
Registered User
Registered User
 
Posts: 11
Joined: July 23, 2011

Re: One-Way Password Encryption

Postby Cristián Lávaque » August 1st, 2011, 1:17 pm

Thanks.

pualsline wrote:I made an Unique Security Encryption Key, Brute Force Login Protection, and added Unique IP Access Restrictions.


That's good.

Badge documentation wrote:However, in order to qualify your site, you MUST generate a Security Encryption Key (previous section), and then click "Save All Changes". [...] Also, s2Member will NOT "verify" your site if you turn off Unique IP Restrictions, Brute Force Login Protection, or if your /wp-config.php file lacks Security Keys (at least 60 chars in length, each).


Did you check the security keys in your wp-config.php file?
Cristián Lávaque http://s2member.net
Is s2Member working for you? Please rate it Image at WordPress.org. Thanks! :)
User avatar
Cristián Lávaque
Developer
Developer
 
Posts: 6836
Joined: December 22, 2010

Re: One-Way Password Encryption

Postby pualsline » August 1st, 2011, 1:59 pm

Badge documentation wrote:However, in order to qualify your site, you MUST generate a Security Encryption Key (previous section), and then click "Save All Changes". [...] Also, s2Member will NOT "verify" your site if you turn off Unique IP Restrictions, Brute Force Login Protection, or if your /wp-config.php file lacks Security Keys (at least 60 chars in length, each).


I checked and I did generate the 60 character code.

Did you check the security keys in your wp-config.php file?


I don't know how to access the wp-config.php so if I have to manually add the code then I have not done that...care to explain how to do this?
User avatar
pualsline
Registered User
Registered User
 
Posts: 11
Joined: July 23, 2011

Re: One-Way Password Encryption

Postby Cristián Lávaque » August 1st, 2011, 6:39 pm

Read this https://codex.wordpress.org/Editing_wp- ... urity_Keys

You can find the wp-config.php file in your WP's install directory via FTP.
Cristián Lávaque http://s2member.net
Is s2Member working for you? Please rate it Image at WordPress.org. Thanks! :)
User avatar
Cristián Lávaque
Developer
Developer
 
Posts: 6836
Joined: December 22, 2010


Return to s2Member Plugin

Who is online

Users browsing this forum: Yahoo [Bot] and 3 guests

cron