[Defender] Masked login page shows as insecure

Hi there,

I've set up the masked login feature on stevebimpson.com but the masked page is showing as insecure (stevebimpson.com/cp-access), which isn't good.

I'd appreciate it if you could take a look and advise.

To expedite things, I've already granted you support access.



  • Adam Czajczyk

    Hello Steve - Just Think BiG

    I hope you're well today and thank you for your question!

    The issue isn't directly related to Defender and it's "masked login" function. Browsers will mark all the sites that are not served over SSL-secured connection (no "https://") as insecure and especially recent Chrome will explicitly say "Not Secure" if a loaded page e.g. contains any password forms or credit card forms or anything that could even remotely be used for sending any sensitive data.

    The only solution to this is to protect the site with SSL, which means setting up an SSL certificate and after it is added, setting up WordPress to use it by changing "http://" prefix to "https://" on "Settings -> General" options page in site's back-end (both URLs there).

    Additionally, a redirect from http:// to https:// might be a good thing to add.

    I'm not sure about your host but currently lot of hosts provide "one click" installation of free Let's Encrypt SSL certificates. If that's not an option, a sufficient certificate can be used with free plan of CloudFlare CDN.

    The point is, to get rid of that warning, you'd need to make sure that the site is secured with SSL.

    If you have any additional/follow-up questions, let me know please.

    Kind regards,

  • Steve - Just Think BiG

    Hi Adam,

    As I sit here reading your response, the penny drops and I realise that I knew this all along and didn't, actually, even need to ask the question. I've just had my head down on a number of tasks and automatically opened a support ticket without really thinking this one through.

    I'm actually in the process of moving this domain from my old hosting platform to my new one. The old one isn't SSL and the new on is. The delay is that this is one of my websites, which I've decided to re-develop and bring it up to date. I just haven't finished yet.

    I used this site to test the login url masking before using it elsewhere.

    Anyway, please accept my apologies for the silly question.

    Kindest regards,


  • Adam Czajczyk

    Hi Steve - Just Think BiG

    There's absolutely no need to apologize! I know the feeling, believe me. I have "worse days" too sometimes, feeling that "my mind goes stuck" on something. That's a perfectly "human thing" and happens to all of us :slight_smile:

    I'm happy that I could help and I hope all will go fine. If you experience any issues "along the way", remember please that we are all here to assist you!

    Have a great day!

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.