digitalFAQ.com Forum

digitalFAQ.com Forum (https://www.digitalfaq.com/forum/)
-   General Discussion (https://www.digitalfaq.com/forum/news/)
-   -   Website not forcing SSL? (https://www.digitalfaq.com/forum/news/12104-website-forcing-ssl.html)

RobustReviews 08-18-2021 07:49 AM

Website not forcing SSL?
 
Hello all,

Just in case this is something that hasn't been noticed, this website isn't forcing 443/SSL?

Is this an issue my end or the site's end? Probably not a good look to be discussing hosting etc with a site that could be spewing out plaintext passwords etc*?

My browser is getting quite grumpy about it all now... Might be something to look in to as forcing SSL is now a bit part of SEO etc.

RR
* I don't think it is :P
**I'll send a PM to the owner**

Hushpower 08-18-2021 08:07 AM

Quote:

Is this an issue my end or the site's end?
The site's end. I've got a "Not secure" warning from Chrome.

RobustReviews 08-18-2021 08:19 AM

There's good reason to get it solved, it'll drive more traffic to the site too!

It's not uncommon, but perhaps something admin could look in to, it's 2021 - non-SSL sites are soon going to be a no-go for search engines if you belive the latest round of SEO speculation.

Is this being dealt with?

admin 08-23-2021 03:51 AM

Quote:

Originally Posted by RobustReviews (Post 79362)
Is this being dealt with?

No. It requires a rewrite of site code. SSL is part of the next site revision, ETA still unknown. It was to be released in 2020, but pandemic and all, didn't happen.

Quote:

Originally Posted by RobustReviews (Post 79228)
spewing out plaintext passwords etc*?

Don't use random insecure public WiFi networks. :wink2:

RobustReviews 08-23-2021 05:09 AM

Quote:

Originally Posted by admin (Post 79364)
No. It requires a rewrite of site code. SSL is part of the next site revision, ETA still unknown. It was to be released in 2020, but pandemic and all, didn't happen.

I'm not sure what needs "re-writing" in terms of SSL? It's not a good look for a forum affiliated with web hosting, that's for sure. Let's Encrypt is free, open-source and very easy to setup.

Quote:

Don't use random insecure public WiFi networks.
I don't :screwy: That reply might show a misunderstanding of the problem though - sure it's part of the problem, but I think there may be deeper issues here.

Drop me a PM if you want any advice, I've set up LE certificates on many sites/server types.

admin 08-23-2021 05:23 AM

This site is probably far more complicated than anything you've ever dealt with. SSL isn't simply a matter of getting the certs, and flipping a switch somewhere. It's more involved, relying on the webserver, site code, and managing the communication with any CDNs or proxies.

Thanks for the advice offer, but we know what needs to be done. It's involved, and a multi-step process, we have to audit everything from the top down, and then re-audit from the bottom up. We're leaving no room for mistakes.

It probably won't happen until next spring or early summer.

Affiliating with web hosting has nothing to do with SSL.

RobustReviews 08-23-2021 05:37 AM

Quote:

Originally Posted by admin (Post 79371)
This site is probably far more complicated than anything you've ever dealt with.

I'm intrigued, what have I dealt with? I would find it very unlikely this is more complicated than anything I've ever deal with. Tell me, what have I dealt with?

Quote:

SSL isn't simply a matter of getting the certs, and flipping a switch somewhere. It's more involved, relying on the webserver, site code, and managing the communication with any CDNs or proxies.
Not 'rocket science' is it though, unless the whole thing is glued together with bits of random code, then yes, you may have more of an issue.

You use Cloudflare, which will handle most of this for you, I don't know any other CDN/proxies you use but trust me, in 2021, SSL won't be an issue.

I think you misunderstand my point about affiliate marketing, obviously, this is not directly affected by SSL (or no) - however it's probably not a good look for a website offering 'advice'.

It's your site, do what you wish with it, it's a good site - I just think it's a bit *ahem* amateurish if you're going to discuss web hosting and run with MD5 and no certs.


All times are GMT -5. The time now is 03:07 AM

Site design, images and content © 2002-2024 The Digital FAQ, www.digitalFAQ.com
Forum Software by vBulletin · Copyright © 2024 Jelsoft Enterprises Ltd.