Google Chrome has started flagging sites served over HTTP as insecure. It makes sense to redirect all HTTP traffic to HTTPS for that sweet sweet padlock.
Yes, I agree! I started setting up https ages ago. It shouldn’t be difficult, but I somehow managed to get it all horribly mixed up with testing a new version of the forum software, and I hit a few problems, so I threw it all up in the air, sulked for a bit, then walked away and forgot about it I’ll get back onto it soon. Probably.
I don't agree. Unless you already pay for SSL certification, it's not worth it for a site that doesn't HAVE any confidential information. Vendor sites need it to keep your personal details and financial information secure, Copenworld doesn't sell anything so the only information here about any of us are our public posts.
The benefits are a bit limited for the reason you give but copenworld has email addresses and passwords, which wisely or not some users will reuse on other sites. Also you can also MITM an HTTP site to inject nasty JavaScript exploit code to attack the user's computer in different ways, so it's worth cooperating with Google's attempt to drag everyone into upgrading. It's not massively urgent or anything, but it's still worth doing. There's no need to pay for a certificate either, thanks to Let's Encrypt.
Ah, if it's free that's another matter, although we're an unlikely site for attacks due to the specialist nature of it. On the subject of passwords, I have an awful memory, but I find the 'leetspeak' method works for me for secure passwords I can actually recall. I just find some word or phrase I can associate with the site, then throw in numbers and capitals. For example 'copen' would become c0P3n. I don't bother for most forums since all they have is my email, but anywhere with payment details gets a unique one
Lets Encrypt have completely changed the way the industry have viewed SSL certs. In the past, you applied SSL certs manually, they lasted a year, and you paid someone. Now the SSL cert renewal and application is automated, they last 90 days, and cost nothing - all these mean that SSL is becoming the new standard protocol in comparison to HTTP... and long may it live.
Yes, it's free now, so at least that's one thing I don't have to pay for! I'll be setting it up shortly....
OK, I've done it, I hope! All pages should now be https, so you should see the padlock. I hope I've picked up everything that needed to be changed. I may have missed something, so if you see any errors or warnings, please let me know and I'll take a look.