Blake,
I’m happy to hear I was of assistance to point this out. It’s the least I could do, given the sizable benefits I’ve received over the years from the collective you.
> [Y]ou are saying this because this is an http: site instead of https. Is this correct?
That is more or less correct.
> To put this into perspective wouldn’t the person need to be sitting in the coffee shop with packet sniffing software to capture the data, and then sort through it to find the password?
Precisely—it’s exactly like leaving the door to your home unlocked. If someone goes around to the homes of your neighbors and you checking the front door, he will find that yours is unlocked. The people who are able to do this include fellow customers at the coffeehouse, the owner of the coffeehouse, the people who live above or next to the coffeehouse, and anyone with access to the assortment of computers and networking/telecom equipment the password travels through across the internet to reach the WordPress server.
> I will research converting this site to https, to eliminate this potential problem.
Sounds good, Blake! Personally, I use a unique password for the forum, so I’m unaffected, although others almost certainly are affected/exposed by this.
For what it’s worth, for fun I put https://dharmatreasurecommunity.org/forums/reply/2043 into my browser and it worked just fine (albeit with a warning). So I suspect it’d be fairly easy to secure.
Godspeed, sir.
―James
Dor K
11 months ago
Salina D
5 years, 9 months ago
Dennis
6 years, 1 month ago
lemmefly
6 years, 1 month ago
