MyBB Community Forums

Full Version: SSL required
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Was just reading a report over SSL certificate and browsers and google where planning to block non secure sites.
In that article (in dutch, so no need to link to it I guess) they where pointing out that Chrome, Firefox and Edge in nearby future wil block all non secure site, and that Google is planing to stop indexing and showing result of Http site, and just show Https. 

Not 100% shore if this is true, but if it is, is this something MyBB will include as default in nearby updates?
(know it's possible to make this version of MyBB to Https, doing that on my forum).

And IF Google wil stop indexing non ssl sites, how much time can we expect we have before they actually turning that button?

   
Thoughts ?
I can see it possibly happening in the future, but not anytime soon.

Of the top 1,000,000 websites - only roughly 45% of these are TLS enabled currently. I doubt many of them even have plans to migrate their websites to HTTPS mostly due to them not dealing with potentially private information such as passwords on a regular basis.
I doubt they will do this, for non-profit sites and personal blogs HTTPS certificates are an unneeded expense and hog resources.
Google’s Gary Illyes claimed that only 10% of the crawled sides where ssl sites, BUT 30% on the first page google result (when searching) where ssl sites. So with other words, it boots the ranking a lot.

BUT he did continue, "we will make shore that websites people access from Google are secure!".

And there is a bit of my reason for asking, IF google are planing to have some sort of control if a site is secure or not, well, the most easy way is for google to look at ssl as a evidence that the site is in fact secure.
For many sites it does not matter if the site is secure or not, no login, no payment, only a blog, a poem or picture from grandpa. 
But if google is forcing this true, well, guess we can remember for about 3 years ago when they over night did change the requirement for ssl (1) on chrome, ending up in a huge support issue.
While in most cases TLS certificates have to be set up manually, MyBB 2.0 is going to make running your forum on HTTPS easier: http://community.mybb.com/thread-191635.html (1.8 requires plugins)

(06-03-2016, 10:07 AM)Tactrus Wrote: [ -> ]I doubt they will do this, for non-profit sites and personal blogs HTTPS certificates are an unneeded expense and hog resources.
https://developers.google.com/web/fundam.../why-https
https://https.cio.gov/everything/
Interesting links Devilshakerz.

Some words that must get us thinking:
"protecting less sensitive sites strengthens the protections of more sensitive sites."

"One common misconception about HTTPS is the belief that the only websites that need HTTPS are those that handle sensitive communications. Every unprotected HTTP request can potentially reveal information about the behaviors and identities of your users. Although a single visit to one of your unprotected websites may seem benign, some intruders look at the aggregate browsing activities of your users to make inferences about their behaviors and intentions, and to de-anonymize their identities."

By the way, SSL does doesn't have to cost anything, you can get the certificate for free, the only problem is that some ISP does not support that, and want you to buy one of they're SSL Certificate.

BUT IF Https will be used buy all isp by default in the future, I guess all ISP will offer a free SSL to it's customers
My host has added the "Let's Encrypt for cPanel" I now have all my sites https for free.