I got a starfield digital certificate to use https on my mybb forum.
I read on the thread below how to force https for ALL USERS:
http://community.mybb.com/thread-89873-post-945738.html
I've been reading a bit about the subject and it seems that https can take quite a bit of load on the server, and I have around 20000 pageviews a day, and I believe that 80-90% of the access are non-logged users (around 200 different users logged every day).
Another point to take in account is that the links on my site have a lot of "juice" and appear quite high in many many keywords. From what I've read, changing to https, even with 301 redirect ends up loosing a bit of the juice. 80% of my traffic comes from google.
Soooo.... I thought in using https to send login credentials and all URLs while the user is logged.
At the moment using
https://forum.antinovaordemmundial.com/ doesn't show the style, JS and images properly.
I tried SSL Switcher, but it didnt make any difference
http://mods.mybb.com/view/ssl-switcher
I'm willing to pay to have this feature implemented as a plugin.
I really appreciate any help.
I already asked if this could be done some other way here:
http://community.mybb.com/thread-130632-...60250.html
Echo
Please plugins developers, would someone help me with this? I'd pay to get this done...
On the light of the latest news about the NSA snooping, monitoring and storing everyone's data in the internet, I believe it is of utmost importance to get MYBB ready to use https in an EASY way, be it a plugin or built-in.
My discussion forum is about this totalitarian government we see raising around us, this big-brother snooping government agencies that want more and more data about the inocent people. So the almost 10.000 are justifiably concerned that I still haven't implemented https (SSL over http) to protect them from being spied and profiled.
I ask for help on this, but on behalf of everyone that still has any idea of what privacy means.
(2013-07-13, 06:52 AM)Jammerx2 Wrote: [ -> ]I just made a simple plugin for this, it should allow you to make certain groups (all by default) be forced to use SSL connections. If you have any problems let me know.
https://github.com/Jammerx2/Force-Group-SSL
Thanks @Jammerx2
So your plugin will force https after someone is logged, or everyone, right?
I need the login information to be sent over https, and also every subsequent request after logged in.
I believe that another thing that would have to be done is to replace http by https in the forum resources and in the post content as well, to avoid the http inside https warning. Does this plugin does that?
(2013-01-15, 03:16 PM)echofloripa Wrote: [ -> ]it seems that https can take quite a bit of load on the server
[citation needed]
The evidence doesn't seem to agree with you.
Quote:In January this year (2010), Gmail switched to using HTTPS for everything by default. Previously it had been introduced as an option, but now all of our users use HTTPS to secure their email between their browsers and Google, all the time. In order to do this we had to deploy no additional machines and no special hardware. On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that.
https://www.imperialviolet.org/2010/06/2...g-ssl.html
Not using SSL across the entire site opens you to security attacks. In particular, logged in users would still be vulnerable to sslstrip style MITM attacks.
This will force it for groups you specify after they're logged in. If you need the logins sent over HTTPS you could try modifying the member_login template and the quick login template (I don't know what it's called if there is one) to make the form action go over HTTPS. Doing that will make it so logging in will always be over HTTPS, and if a user leaves the site and comes back my plugin will force them to go back to HTTPS. I just modified the plugin to make all links and images go over HTTPS if you access the site using HTTPS.
(2013-07-16, 01:27 AM)Jammerx2 Wrote: [ -> ]This will force it for groups you specify after they're logged in. If you need the logins sent over HTTPS you could try modifying the member_login template and the quick login template (I don't know what it's called if there is one) to make the form action go over HTTPS. Doing that will make it so logging in will always be over HTTPS, and if a user leaves the site and comes back my plugin will force them to go back to HTTPS. I just modified the plugin to make all links and images go over HTTPS if you access the site using HTTPS.
Great Jammer, I will test the plugin later today!
Are there any risks in breaking the forum?
(2013-07-16, 08:43 PM)echofloripa Wrote: [ -> ] (2013-07-16, 01:27 AM)Jammerx2 Wrote: [ -> ]This will force it for groups you specify after they're logged in. If you need the logins sent over HTTPS you could try modifying the member_login template and the quick login template (I don't know what it's called if there is one) to make the form action go over HTTPS. Doing that will make it so logging in will always be over HTTPS, and if a user leaves the site and comes back my plugin will force them to go back to HTTPS. I just modified the plugin to make all links and images go over HTTPS if you access the site using HTTPS.
Great Jammer, I will test the plugin later today!
Are there any risks in breaking the forum?
Nope, it doesn't make any changes that would break the forum.
I tried to use SSL couple of months ago if I remember, not sure what plugin I used to replace some URLs to HTTPs, but that did indeed broke the forum. Images and CSS files weren't loading, to remember on top of my mind.
I'll try yours Jammer maybe, not sure which one I used initially.