Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The Secure Login settings page now recommends that the registration form be secured - regardless of the e-mail verification setting - to ensure that secure links are generated in email messages.
Add a new menu callback that redirects insecure password reset URLs to the secure URL. This ensures that secure authenticated sessions are created, even if a user somehow lands on an insecure one-time login URL.
Due to changes in Drupal 7.79, move user_pass and user_register_form to the "required" section of forms to be secured.
Please visit the admin/config/people/securelogin page and ensure that the checkboxes for securing the user password request and user registration forms are checked!
This release cleans up some code, adds some more test coverage and, if the redirect setting is enabled, ensures that the form will be rebuilt in case the redirect was not cached.
The password reset form should be secured, because submitting this form creates an authenticated session. Also add options to secure the password request and contact forms.