Security Vunerability (wikihow.com)

Batreeq August 7, 2016, 8:08pm 1

Hello,
While using the site today, I noticed that there is an issue with login security on wikiHow. To be more specific, the login portal on articles is unsecured.

While wikihow.com/Special:UserLogin IS secured, the articles are not. Because of this, a hacker can insert code to disguise a fake login form to steal users’ passwords. SSL (TLS) security protocols also verify website authenticity. If the site does not have the padlock icon, people may think that they are on the fake wikiHow site.

Thank you.

Tiagoroth August 7, 2016, 8:21pm 2

Moved to a more appropriate category.

Anna August 15, 2016, 4:59pm 3

Thanks Batreeqah! We have an option in the Preferences here to “Always use a secure connection when logged in” - you’re welcome to turn that on for your account. If you’re worried about security at log-in, too, then I’d just go ahead and log in from the secure log-in page rather than the drop-down menu. That should do the trick for anyone particularly concerned about security.

Batreeq August 15, 2016, 10:58pm 4

I can login securely from that page. I am still confused on why wikiHow does not encrypt connections for users when logged out. wikiHow.com has already been issued an TLS (SSL) certificate, so I suggest that the website use it when users are logged out.

Thank you.

Topic		Replies	Views
Unencrypted Account Login General Chat	1	52	August 3, 2023
Anyone willing to help bug test secure connection settings? Village Pump	10	73	August 3, 2023
http://www.wikiHow.com, www.wikihow.com, www.wikiHow.com, or wikihowpro.com {Secure connection?) Bug Reports	1	70	September 29, 2016
Suggestion: SSL login? Bug Reports	7	75	July 5, 2011
FYI: wikiHow isn’t vulnerable to the Heartbleed Bug Village Pump	8	95	August 3, 2023

Explore Categories