Unsecure redirection on the login page

I’m getting

Invalid Username or Email or incorrect password!

when I go to the login page with Http URL but not on HTTPS

  • Patrick Freitas
    • FLS

    Hi Neil

    Sorry to hear you are having this issue.

    As my teammate said on chat this is our legacy plugin, we hardly recommend members to use plugins that receive updates once the WordPress and PHP constantly receive updates and new functions.

    Once that said, I can see the website is not redirecting to HTTPS correctly, we suggest creating a 301 redirect before the WordPress rules, it will avoid the problem and make sure your users always use a safe website.

    For this, you can use the Really Simple SSL plugin https://wordpress.org/plugins/really-simple-ssl/

    Or manually adding the 301 redirect rules on htaccess.

    Using the sFTP or a hosting file manager, navigate to your WordPress installation, find the htaccess file and before of the WordPress rule add the 301 redirect.

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    This will prevent the issue.

    Let us know if you need any further help on this.
    Best Regards
    Patrick Freitas

  • Neil
    • Flash Drive

    Perfect, Patrick Freitas!
    This is exactly the solution I was looking for and it made a huge difference to the site’s performance.
    I knew it would be something simple, but really needed someone to give me the exact solution. :slight_smile:
    Much appreciated.