It is a simple way to prevent this security issue.

In most of Content Management System, the user’s password store in database with hash algorithm. Just your server reduce one operate in Hashing algorithm if you have more than one.
You must do a function with JavaScript and hash the input element with type of password. The value of this element before sending must be hashed with JavaScript.

See the header of normal login :

Content-Type: application/x-www-form-urlencoded
Content-Length: 54
username=user&password=MyPASS&normallogin=Normal+Login

The hacker can read your data from header of your request.
password=MyPASS

More security with JavaScript

With this method you can create the secure form for login.

Content-Type: application/x-www-form-urlencoded
Content-Length: 80
username=user&password=f4c0724be9899724b6d7549a71144441&securelogin=Secure+Login

password=f4c0724be9899724b6d7549a71144441

Use this method

In my idea when you hashed the password before the submit that the user privacy have been increased.
See online demo
First we need a hash algorith that use in your password in server. For example we use MD5 in this example. Your password store in server with SHA1 hash.
In normal mode you use this method for checking sum for inputting password.

$password = sha1('myprivatevalue' . md5($_POST["password"]));

But when do hash in password value in client side reduce one operating:

// we do not use md5 for this because this method applied in client side with JavaScript
$password = sha1('myprivatevalue' . $_POST["password"]);

It’s a simple way to protect real string password but hacker can still hack your login form with inject the request (Thank to Ben hockey to remember this issue.).
You must use some way to prevent the hackers to inject request to your server.