I noticed that when
- logging in
- changing my password in control panel
The website provides no encryption. This is a huge security vulnerability. Can you please activate SSL by default on your site? It wouldn't be too difficult to do since now you can get free SSL certificates through "Let's Encrypt". You can also use their automatic scripts to auto-renew the certificate every 3 months.
Also, when enabling SSL by default, you can use SSL Redirects on your :80 connections so that they are automatically redirected to the :443 secure equivalents.
If you have constructive comments or suggestions about the Phrozen Keep for the staff, please post them here. Please note: this is not a forum for discussing mods or modmaking.
1 post • Page 1 of 1