My website uses WordPress, for which I have a database set up for the user information (usernames, passwords, emails, etc.). For the application I am developing, I have a PHP file that compares username and password information, sent via an AJAX POST from my app, to the WordPress user information database. Basically, via the application, the user enters a username and password, an API key is generated and sent to the PHP file. The file compares the API key and then the password and username information. If everything is valid, it returns the username via Ajax.LastData, which my game uses for leaderboard updates.
My question about security is for the password being sent via the AJAX POST method. I've thought about hashing the password with a salt and comparing it to the salted password of the WordPress database, but this does not seem as secure as it sounds. I was wondering how I would go about using SSL (as I believe this is the fix for my problem) or some other method to really secure the password that is being sent. I originally wanted to have the user log into the website on the device they are playing on, and have a PHP script check if they are logged in so I wouldn't need to send the password via AJAX, but I didn't know how to do this, so I went with the above-mentioned method.
I own a HostGator account and have a good understanding/knowledge, though I am still a bit of a beginner (learning from a friend who knows a decent amount of this stuff, but is unfamiliar with Construct 2). Any help would be appreciated!
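
The server-side check the post describes, with the two points it asks about made explicit: the request is refused unless it arrived over HTTPS, and WordPress's own `wp_authenticate()` does the password comparison, so the app never hashes anything itself. This is an added example, not part of the original post; the field names `api_key`, `username` and `password`, the constant `GAME_API_KEY`, and the file's location next to `wp-load.php` are assumptions.

```php
<?php
// Added example, not the poster's code.
// Assumptions: this file sits beside WordPress's wp-load.php, the app posts
// the fields api_key / username / password, and GAME_API_KEY is a
// hypothetical constant defined in wp-config.php.
require_once __DIR__ . '/wp-load.php';

header('Content-Type: text/plain; charset=utf-8');

// Send a status code and a short body, then stop.
function deny(int $status, string $message): void {
    http_response_code($status);
    echo $message;
    exit;
}

// The password travels in the POST body, so TLS is what protects it in
// transit. Refuse plain-HTTP requests instead of processing them.
if (!is_ssl()) {
    deny(403, 'HTTPS required');
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    deny(405, 'POST only');
}

// WordPress adds slashes to $_POST when it loads; wp_unslash() undoes that.
$apiKey   = isset($_POST['api_key'])  ? wp_unslash((string) $_POST['api_key'])  : '';
$username = isset($_POST['username']) ? wp_unslash((string) $_POST['username']) : '';
$password = isset($_POST['password']) ? wp_unslash((string) $_POST['password']) : '';

// A key shipped inside the app can be read out of it, so it only tags the
// request as coming from the game; it does not replace the password check.
// hash_equals() compares in constant time.
if (!defined('GAME_API_KEY') || !hash_equals(GAME_API_KEY, $apiKey)) {
    deny(401, 'Invalid request');
}

// wp_authenticate() verifies the plaintext password against the salted hash
// stored in the users table and returns a WP_User or a WP_Error.
$user = wp_authenticate($username, $password);
if (is_wp_error($user)) {
    // Same reply as a bad key, so the response does not reveal which check failed.
    deny(401, 'Invalid request');
}

// Success: return the username for the leaderboard update.
echo $user->user_login;
```

If the site sits behind a proxy that terminates TLS, `is_ssl()` can report false for requests that were encrypted on the public side, so the check then needs to follow how the host forwards that information.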