processwire.com over SSL

[mrjasongorman]

I've noticed that the processwire.com website runs over SSL, but i also noticed that visiting the websites over http still works, and once using the insecure version the links are also relative pointing to non-ssl links.

As a fix there could possibly add an auto redirect to the HTTPS site? This could potentially then take advantage of HTTP/2 speed.

 

 

[LostKobrakai]

Auto https does have the disadvantage, that as soon as there's some issue with the certificate the site is essentially down, even though it's running fine via http. As processwire.com is mostly running with guest users and mostly there to supply public information I'm not sure it that's worth the hassle to disallow http.

[benbyf]

SSL everywhere. Google is pushing HTTPS sites up in their results now. should we all be using HTTPS? and are you now and how?!

also this was a great wake up call for me: http://shoptalkshow.com/episodes/250-web-security-april-king-alex-sexton/

For me I'm using Digitalocean and Serverpilot and it was a matter of enabling the Let's encrypt script so supppppppper easy (full disclosure, those two links have affliates)

[Mont]

I'm using Rochen Host and have enabled Let's encrypt on my MVS.  Love it!  Took longer to update google's webmaster tools and analytics than enabling my sites to TLS.  

My question is whether I should encourage my existing clients who have EV certs now to switch to Let's Encrypt when they expire?

[benbyf]

On 23/03/2017 at 4:42 PM, Mont said:

My question is whether I should encourage my existing clients who have EV certs now to switch to Let's Encrypt when they expire?

+1

[mrjasongorman]

On 14/09/2016 at 5:07 PM, LostKobrakai said:

Auto https does have the disadvantage, that as soon as there's some issue with the certificate the site is essentially down, even though it's running fine via http. As processwire.com is mostly running with guest users and mostly there to supply public information I'm not sure it that's worth the hassle to disallow http.

It just seems a shame that the forum auto redirects but the main site doesn't?

[LostKobrakai]

Yeah, but the forum does (need to) handle with lot's of user data. There it makes sense. On processwire.com I'd imagine besides a handful of people nobody is authenticated or otherwise handling any kind of non public data.