Does WP Autosave use a secure transmission protocol?

  • Resolved Martt Harding

    (@martt-harding)


    9 years, 1 month ago

    I’m a first-time WP user, building a CMS website for my retirement community, using the WP 4.3.1 with a Twenty Thirteen theme. Most of the content is in PDF files that WP stores as “media”. And many of those PDF files contain information the community considers sensitive and wants protected.

    I set up a copy of FileZilla to run SFTP and it works successfully with the BlueHost server. However I have belatedly realized that most of the content (i.e. the PDF information that WP stores as “media”) is uploaded to the server by an every-two-minute autosave process that uses Ajax. I don’t know anything about Ajax.

    My question is, does Ajax use a secure protocol to exchange media files with the server? If yes, what protocol? SFTP, FTPS, ?? And can the protocol be changed if it is insecure (e.g. FTP)? I have searched high and low but haven’t found an answer in the codex or in this forum.

    Martt

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter Martt Harding

    (@martt-harding)

    Update from Martt Harding:

    I may have found the answer. AJAX is evidently a background XML-based process that allows particular items on a webpage to be updated by the server as a result of interaction with the browser’s user, without the server having to re-send the entire page. So I THINK this means that if the WP website is https://xxx and thus not protected for transmission security, then the AJAX transactions will not be secured either. If this is correct I will have to revise the my website so it is running under Secure Sockets Layer protocol (i.e. https://xxx) in order to protect the media files transmitted by AJAX as part of the Autosave process.

    Please advise if my supposition is correct. If not, please provide details.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    You’re correct. If your site does not support https then anything you transmit will be in the clear.

    Give this a read, it might help you get WordPress and https working together.

    https://make.www.ads-software.com/support/user-manual/web-publishing/https-for-wordpress/

    Thread Starter Martt Harding

    (@martt-harding)

    Thank you very much, Jan. I don’t know why it took me so long to understand what now seems a straightforward issue, but it was all quite unfamiliar. Plus I had gotten sidetracked with setting up FileZilla and thought there was a connection. Nope. However all’s well that ends well. Our web hosting service, BlueHost, is set up to handle SSL sites and there’s no impact on the work I’ve done to date. And their tech representative pointed me to the same article you referenced, so I was beginning to head in the right direction.

    Thank you again for your quick response.

    Martt

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Does WP Autosave use a secure transmission protocol?’ is closed to new replies.

Tags