Enable SSL encryption by default

If you have constructive comments or suggestions about the Phrozen Keep for the staff, please post them here. Please note: this is not a forum for discussing mods or modmaking.

Moderators: Admins, Tech Support

Post Reply
FearedBliss
Posts: 45
Joined: Sat Oct 16, 2010 4:29 pm

Enable SSL encryption by default

Post by FearedBliss » Sat Jun 10, 2017 2:32 pm

Hello folks,

I noticed that when

- logging in
- changing my password in control panel

The website provides no encryption. This is a huge security vulnerability. Can you please activate SSL by default on your site? It wouldn't be too difficult to do since now you can get free SSL certificates through "Let's Encrypt". You can also use their automatic scripts to auto-renew the certificate every 3 months.

Also, when enabling SSL by default, you can use SSL Redirects on your :80 connections so that they are automatically redirected to the :443 secure equivalents.

https://letsencrypt.org/

- Jonathan

Post Reply

Return to “Feedback”