WordPress Plugins > Semisecure Login for 2.5

The original Semisecure Login is a very nice WordPress plugin by James M. Allen which mitigates the significant security risk of user passwords being transmitted across the network in plaintext. The plugin uses a client-side JavaScript implementation of the MD5 hashing algorithm to hash a user's password before sending it. The password is salted with a random nonce before hashing so as to prevent replay attacks.

The changes made in WordPress 2.5 broke this plugin, since a new password hashing scheme was introduced and the hook it previously relied on was deprecated. I've kept the basic idea and reimplemented the plugin for 2.5, using the new check_password hook and rewriting its authentication function to be compatible with the arguments of that hook. The original plugin had a very nice behavior of graceful degradation: clients who didn't support JavaScript were still able to log in using the old, cleartext password transmission logic. This version preserves that behavior.

This plugin requires the MD5 Password Hashes plugin for WordPress 2.5. This means that users won't be able to take advantage of 2.5's new password-hashing scheme for the database, but I believe transmitting a password in plaintext across a network is a far more serious security risk, so I'm happy to trade down to MD5 in exchange for fixing that.
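The nonce-salted login exchange described above, as an added example rather than the plugin's own code: it shows why the server needs a plain MD5 of each password to recompute the client's response, and how a single-use nonce makes a captured response worthless. The construction md5(md5(password) + nonce), the in-memory stores, the sample account and all function names are assumptions for illustration.

```javascript
const crypto = require('crypto');
const md5 = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');

// Constructed sample data: the server keeps md5(password) per user (assumed
// layout, matching the MD5 Password Hashes requirement) and a set of live nonces.
const storedHashes = new Map([['alice', md5('correct horse')]]);
const outstandingNonces = new Set();

// Constant-time comparison of two hex strings.
function safeEqual(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Server: hand out a fresh random nonce with each login form.
function issueNonce() {
  const nonce = crypto.randomBytes(16).toString('hex');
  outstandingNonces.add(nonce);
  return nonce;
}

// Client with JavaScript: send this value instead of the password itself.
function clientResponse(password, nonce) {
  return md5(md5(password) + nonce);
}

// Server: `response` comes from JavaScript clients; `password` is the
// cleartext fallback used when the client could not run the script.
function checkLogin({ user, nonce, response, password }) {
  const stored = storedHashes.get(user);
  if (stored === undefined) return false;
  if (response === undefined) {
    // Graceful degradation: hash the cleartext password and compare.
    return password !== undefined && safeEqual(md5(password), stored);
  }
  // A nonce is valid once: delete() is false if it is unknown or already used.
  if (!outstandingNonces.delete(nonce)) return false;
  // Recompute the expected response from the stored MD5 and the nonce.
  return safeEqual(md5(stored + nonce), response);
}
```
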

For technical reasons, users of this plugin may find they have to attempt to log in twice. If this bothers you sufficiently to want to fix it, a fix is available, but requires editing WordPress code. See the comment titled "README - IMPORTANT NOTE" in semisecure-login.php.

Download the plugin

Comments and suggestions

April 30, 2008, 9:40 pm
