Using Apache's mod_rewrite, DokuWiki logins can be foreced to use HTTPS, thus preventing clear text passwords on the wire.
You may want to read up on general rewriting first.
The following assumes you already set up HTTPS support for your wiki, making it available via HTTP and HTTPS on the same address. For performance reasons only the login and profile updates should be forced to HTTPS while all “normal” wiki actions will continue to work on HTTP.
Since you need to have cookies set up via HTTPS to work on HTTP as well, you need to disable the securecookie option first. Then proceed to set up the redirection in your .htaccess:
# Switch to secure on login, profile and admin actions
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{QUERY_STRING} do=(log|profile|admin)
RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [R,QSA,L]
# Change back to non-secure on show action
RewriteCond %{HTTPS} on
RewriteCond %{QUERY_STRING} (do=show|^$)
RewriteCond %{REQUEST_METHOD} GET
RewriteRule ^(.*) http://%{HTTP_HOST}/$1 [R,QSA,L]
You may want to change ${HTTP_HOST} to ${SERVER_NAME}, where server name matches the hostname in your SSL certificate.
Note: the above switches back to non-SSL on the show action only. This means switchback might not occur immediately after login, but ensures there will be no “mixed content” warnings during the SSL operation.