Feature Explained: Force SSL Login

NOTE: This option has been removed since Shield v5.4.3+ as it has been deprecated from WordPress core itself.

Submitting login details over non-secure web connections is inherently a security risk.

This is the default action for WordPress.  And so it should be, because most sites do not have SSL certificates installed.

Warning: Please only enable this option if you have a valid and tested SSL certificate for your site.  If you enable this option and you don't have SSL enabled, you will be locked out from your site and unable to login.

This setting is the equivalent of adding the FORCE_SSL_LOGIN definition to the wp-config.php. More details here.