https:// for login

woof

Mu-43 Top Veteran
Joined
Oct 18, 2011
Messages
511
Location
The present.
I note that the site generally is using http://

Are the login credentials posted using https://? If not, please consider adding this.

Respectfully,

Seaain
 

prophet

Mu-43 Regular
Joined
Aug 10, 2014
Messages
136
+1! SSL encryption should be standard these days, and is really no big deal to set up (even a free SSL certificate would do fine).
 

Amin Sabet

Administrator
Joined
Apr 10, 2009
Messages
10,892
Location
Boston, MA (USA)
I'll look into this some more - both in terms of how important it is and how hard it would be to implement. I don't see any of the many other forums I frequent doing this, which makes me think that either it isn't needed or that there is some other downside.
 

barry13

Mu-43.com Editor
Joined
Mar 7, 2014
Messages
9,397
Location
Southern California
Real Name
Barry
Amin,

1. There are some free certificate authorities. One or two have been around a while, and a new one is coming:
http://techcrunch.com/2014/11/18/mozilla-eff-and-others-band-together-to-provide-free-ssl-certificates/
Startssl.com

2. GoDaddy sells perfectly good certs for well under $100 USD, and they have multi-domain certs as well.
A single multi-domain cert ($90) can probably cover all 5 of your domains.
https://support.godaddy.com/help/article/3908/what-is-a-multiple-domain-ucc-ssl-certificate

If you need more details, I can look at the ones I've bought on Monday.

FYI, there is no extra value in buying an EV cert unless you are a bank or similar.

Barry
 

Amin Sabet

Administrator
Joined
Apr 10, 2009
Messages
10,892
Location
Boston, MA (USA)
Darn, Google is pushing from both sides. On the one hand, they want everyone using https and will use it as a ranking signal, meaning that those who don't adopt it will eventually get less traffic. On the other hand, they acknowledge that their Adsense inventory for https sites is low, so we'll make less money through Adsense ads after adopting https.

We're very dependent on Adsense for paying the bills here, so it's a tough choice I'm facing here!
 

phigmov

Mu-43 Hall of Famer
Joined
Apr 4, 2010
Messages
4,476
It'd be interesting to see why the revenue for https sites is low. A click impression, regardless of how it's secured, is just another click. The only thing I can think of is that the https secures the channel such that Google can no longer 'see' into the traffic stream because it's encrypted, and it affects their analytics in some way (i.e. they're deliberately inflating the impact to them).

I'm not sure how vBulletin does what it does, but perhaps it can be set up to secure the login itself (i.e. credentials aren't passed in the clear) while leaving the rest of the site as standard http (i.e. if you're not logging in and passing sensitive data you don't get secured). After all, the content itself is publicly accessible and visible; it's only the login portal that is sensitive.

I'll be hitting my 2000th post soon so I'll be sure to top up my site donation to aid the cause :)
 

Amin Sabet

Administrator
Joined
Apr 10, 2009
Messages
10,892
Location
Boston, MA (USA)
> It'd be interesting to see why the revenue for https sites is low.

Here's what Google says (source):

> HTTPS-enabled sites require that all content on the page, including the ads, be SSL-compliant. As such, AdSense will remove all non-SSL compliant ads from competing in the auction on these pages. If you do decide to convert your HTTP site to HTTPS, please be aware that because we remove non-SSL compliant ads from the auction, thereby reducing auction pressure, ads on your HTTPS pages might earn less than those on your HTTP pages.

> I'm not sure how vBulletin does what it does, but perhaps it can be set up to secure the login itself (i.e. credentials aren't passed in the clear) while leaving the rest of the site as standard http (i.e. if you're not logging in and passing sensitive data you don't get secured). After all, the content itself is publicly accessible and visible; it's only the login portal that is sensitive.

Except that Google is going to use https as a ranking signal, meaning that the content itself will see less traffic if we don't serve it on https pages.

> I'll be hitting my 2000th post soon so I'll be sure to top up my site donation to aid the cause :)

Thanks as always!
 

Amin Sabet

Administrator
Joined
Apr 10, 2009
Messages
10,892
Location
Boston, MA (USA)
Ouch, I just realized that switching the site to https is going to mean that any pages with embedded photos from non-https sites (e.g., zenfolio, smugmug) are going to result in those scary browser warnings. I've already paid for the certificates, but I think changing over will be much more trouble than it is worth.
 

prophet

Mu-43 Regular
Joined
Aug 10, 2014
Messages
136
Most of these sites also offer https, so you could tell your software to change embedded links to the https version, if available (Smugmug has, Zenfolio also).
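
An added sketch of the rewrite suggested in the post above (not code from this forum or from vBulletin): it upgrades embedded image URLs to https:// only for hosts on an allowlist and reports the embeds that would still cause mixed-content warnings. The function names, the allowlist and the sample post are assumptions made for this example.

```javascript
// Hosts the thread says offer HTTPS (assumed list; verify each before adding more).
const HTTPS_CAPABLE = ["smugmug.com", "zenfolio.com"];

// True when host is an allowlisted domain or a subdomain of one.
// Suffix match on ".domain" so "smugmug.com.example.net" does not pass.
function isAllowlisted(host, allowlist) {
  const h = host.toLowerCase();
  return allowlist.some((d) => h === d || h.endsWith("." + d));
}

// Rewrites http:// image embeds (HTML <img src> and BBCode [img]) to https://
// for allowlisted hosts and lists the embeds that remain insecure.
function upgradeEmbeds(post, allowlist = HTTPS_CAPABLE) {
  const upgraded = [];
  const stillInsecure = [];
  const pattern = /(<img\b[^>]*?\bsrc\s*=\s*["']|\[img\])(http:\/\/[^\s"'\[\]<>]+)/gi;
  const text = post.replace(pattern, (match, prefix, url) => {
    let parsed;
    try {
      parsed = new URL(url);
    } catch {
      stillInsecure.push(url); // unparsable: leave untouched, flag for review
      return match;
    }
    // An explicit non-default port is unlikely to speak TLS; do not rewrite it.
    if (parsed.port !== "" || !isAllowlisted(parsed.hostname, allowlist)) {
      stillInsecure.push(url);
      return match;
    }
    const secure = "https://" + url.slice("http://".length);
    upgraded.push(secure);
    return prefix + secure;
  });
  return { text, upgraded, stillInsecure };
}

// Constructed sample post, not taken from the forum.
const SAMPLE = [
  "[img]http://photos.smugmug.com/a/1.jpg[/img]",
  '<img alt="x" src="http://user.zenfolio.com/img/2.jpg">',
  "[img]http://smugmug.com.example.net/3.jpg[/img]",
  "[img]http://photos.smugmug.com:8080/4.jpg[/img]",
  "[img]https://example.org/5.jpg[/img]",
].join("\n");

const result = upgradeEmbeds(SAMPLE);
console.log(result.upgraded, result.stillInsecure);
```

Whatever ends up in `stillInsecure` is what the browser would still flag on an https page, so those embeds need proxying, linking instead of embedding, or a fix by the post's author.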
 
Copyright © 2009-2019 Amin Forums, LLC