As of two days ago, I am getting warned by both Firefox and Chrome that my wordpress login page is not secure. Running Windows 8.1, up to date, and with updated browsers. As far as I know I've never had a SSL certificate for this site. Please help.
Things I've already done:
1. Checked that date and time are correct on my computer (I did remove my BIOS battery recently for unrelated reasons, but time and date are correct within Windows). Problem exists across machines anyway.
2. Renamed plugins directory to insure a plugin wasn't causing it. No change.
3. Played around with config file (adding SSL force lines), which only resulted in the warning messages switching from "not secure" to "not private."
Additional questions, while I'm at it:
1. If I do not physically enter the password, but instead allow Firefox or Chrome to enter it automatically, is it still vulnerable to theft?
2. Do most simple wordpress sites have SSL certificates? I've had a wordpress site for years without running into this issue.
3. Would I have to pay for managed wordpress from Go Daddy to get SSL?
The web is moving to be a more secure place, and browsers are implementing sterner warnings. With the login fields on the page in question the browsers know that sensitive information would potentially be sent over an unsecure connection.
On a side note, when talking about security it is also important to keep any computer you access the admin with protected with up-to-date anti-virus and malware software.
Either type of attack are often now automated. The size of the site may not be a factor with bots just looking for sites with certain vulnerabilities.