At the last meeting, Mars pointed out that nmglug had no ssl for login and registrations.. oops. Its setup now.. Its self signed so ignore the warnings.. Whats important is that its encrypted. I set define('FORCE_SSL_ADMIN', 'true'); in wp-config.php so its enforced for all login and registration pages.