[Plugin: Theme My Login] No support for SSL certificates?

It’s supposed to already. I’ll look into it when I get a chance.

Thanks, Jeff! I looked at the HTML which the plugin generates, and its not using HTTPS to post the login form data. I’m using another plugin called WordPress HTTPS to force SSL logins on the default login form. -Fred

Jeff, I can now verify this problem. With theme-my-login enabled if a user goes to an http login page it sends their data insecurely and then redirects them to the https version of the login page before they can actually sign in. Strangely, trying to do a php or apache redirect from https://domain.com/login to https://domain.com/login results in a redirect loop, although I haven’t had the time to figure out exactly why that is happening so far. Example to reproduce redirect loop: install and activate WPSSL (WordPress with SSL) plugin, mark the theme-my-login page as force ssl in the wordpress editor and click update.

Details: multisite subfolder install, using cloudflare

Jeff,

I’ve revisited this problem and found a solution which meets my needs. Here are the details.

I am using the WordPress HTTPS plugin to force the use of SSL on the login page created by Theme My Login. Since your plugin uses a relative URL to post the login form data, the HTTPS protocol is automatically inherited from the page as a whole. That means the username and password are submitted securely, and my problem is solved!

Now that I’m using your plugin, I really appreciate what a handy piece of software it is. I especially like having the ability to customize login and logout redirection for different user roles.

Thanks very much,

Fred