SSL Certificate, please add this.

[Aderm]

I've seen other threads on this, and it was denied because it costs money.
Thing is, cloudflare provides a free ssl in their Security tab.

Why SSL?
It's secure. It encrypts logins and data transmitted between the user and server.

What about external images using HTTP?
Xenforo has an image proxy built right into it, find it:
Settings > Options > Messages > Image and Link Proxy

Please, please add this. It's so simple and gives extra security.

 

[matthewp]

Its 2017, how can you not have an SSL certificate tbh. You can even get "free" ones using lets encrypt and cloudflare.

About this, it should be added, end of suggestion.

 

[Eric]

This is a security standard in 2017, it shouldn't be up to the community to suggest this; it should already be implemented.

 

[Compgeek28]

It's not that SSL itself would cost a significant amount of money, but the loss of revenue from google adsense due to the massive reduction in available and highly profitable ads created for SLL sites would be equally massive.
The fact that MC-Market doesn't actually handle any significant personal information coupled with that loss of revenue every day that we're encrypted makes it a tough move to even consider just for the sake of "looking" safer with the s at the end of our http.

Personally, I'd like for it to be added in the future, if only for that sake of "looking better" for kiddos who are obviously overly concerned; with some sort of counter measure to the loss in revenue, perhaps offering up ads in place of google adsense ads, (which would also only be seen by non-premium members, though, there's no way they'd sell as much as our sidebar ads)
Ideas for the future are good.
However, I'm growing tired of seeing this suggestion made over and over and argued amongst people who honestly have no idea exactly what SSL does to make a site like us "more secure".

I don't understand your adsense claim. Even google themselves state that there will be no loss of the number of ads being displayed.

From their site (https://support.google.com/adsense/answer/10528?hl=en):

HTTPS-enabled sites require that all content on the page, including the ads, be SSL-compliant. For most users, AdSense ad requests are always SSL-compliant and always served over HTTPS, even when the surrounding site is HTTP. The same ads compete in the auction, so switching your site to HTTPS will have no effect on the ads most users see, or on auction pressure. The only exception is for users located in countries that block or otherwise degrade HTTPS traffic.

So could you please back up your claim?

 

[Justis]

I don't understand your adsense claim. Even google themselves state that there will be no loss of the number of ads being displayed.

From their site (https://support.google.com/adsense/answer/10528?hl=en):

HTTPS-enabled sites require that all content on the page, including the ads, be SSL-compliant. For most users, AdSense ad requests are always SSL-compliant and always served over HTTPS, even when the surrounding site is HTTP. The same ads compete in the auction, so switching your site to HTTPS will have no effect on the ads most users see, or on auction pressure. The only exception is for users located in countries that block or otherwise degrade HTTPS traffic.

So could you please back up your claim?

I've never owned a site large enough to give a first hand account, as I'm sure you haven't either. All I have to combat google support's offhand claim are a couple testimonies by those who've actually made the switch:
http://crunchify.com/google-adsense-revenue-drops-after-moving-wordpress-site-over-to-https-ssl/
https://woorkup.com/google-adsense-https-support/
https://yakezie.com/207060/featured/why-you-should-delay-upgrading-to-https-ssl/
http://blognife.com/2016/10/26/switching-https-things-keep-mind/
https://news.ycombinator.com/item?id=11803716
https://www.webmasterworld.com/google_adsense/4819030.htm
https://productforums.google.com/forum/#!topic/webmasters/J3rv49cPKcE
https://www.liberiangeek.net/2015/09/migrating-my-blog-to-https-was-the-biggest-mistake-financially/
https://deconf.com/adsense-earnings-drop-moving-https-ssl/
https://www.webmasterworld.com/google_adsense/4697239.htm
https://www.seroundtable.com/https-google-adsense-19035.html

Google has always tried to push SSL onto sites.
Without a doubt, the loss of adsense revenue after switching to HTTPS has improved significantly.
From what I've gathered, many site owners were seeing profit drops 50%-90% back in 2014.
Now, in 2017, those drops are more along the lines of 10%-30%
Google used to warn users that switching to SLL would cause adsense revenue to decline, however, it is likely that after having seen so much and continuing improvement in recent years, they decided that the still less (but not so much less) profitable ads were no longer necessary for them to officially acknowledge.

SSL is becoming the standard, and in time, maybe a time not so far from now, the loss of revenue really will be inconsequential to us. However, we do need to think about MC-Market and the effects our actions will have in our situation specifically. Right now. At this moment in time. No random person's testimony or a generalized statement by google can determine what's best for our site.

As I said in my previous post.
I would like to switch to SSL. Even if the only benefit was ease of mind for our users.
I would also like to prevent our revenue from dropping.
Given the above, one might think having both isn't possible, however, as I also previously stated, we should be coming up with alternative means of bringing in revenue for the site if we're going to be considering taking an action which will reduce that revenue.
When you take, you give back an equal or greater amount, that's the attitude necessary for success.
Again, if we stop arguing over SLL and start coming up with reasonable ways to replace the loss of funds we'd see if switching, we may even be able to afford the switch.

 

[MrAniman2]

I would also like to see this feature being implemented for various reasons already mentioned before.

I'm not familiar with how SSL works with Adsense but if revenue is the only issue then I would like to remind that a little while ago price for advertising and stickies in most active forum sections was raised...I'm not sure what was the reason behind this decision (since there were no explanation) but I believe this generates couple extra hundred per month...which could potentially be used to cover some expanses.

 

[hiimphil]

I've never owned a site large enough to give a first hand account, as I'm sure you haven't either. All I have to combat google support's offhand claim are a couple testimonies by those who've actually made the switch:
http://crunchify.com/google-adsense-revenue-drops-after-moving-wordpress-site-over-to-https-ssl/
https://woorkup.com/google-adsense-https-support/
https://yakezie.com/207060/featured/why-you-should-delay-upgrading-to-https-ssl/
http://blognife.com/2016/10/26/switching-https-things-keep-mind/
https://news.ycombinator.com/item?id=11803716
https://www.webmasterworld.com/google_adsense/4819030.htm
https://productforums.google.com/forum/#!topic/webmasters/J3rv49cPKcE
https://www.liberiangeek.net/2015/09/migrating-my-blog-to-https-was-the-biggest-mistake-financially/
https://deconf.com/adsense-earnings-drop-moving-https-ssl/
https://www.webmasterworld.com/google_adsense/4697239.htm
https://www.seroundtable.com/https-google-adsense-19035.html

Google has always tried to push SSL onto sites.
Without a doubt, the loss of adsense revenue after switching to HTTPS has improved significantly.
From what I've gathered, many site owners were seeing profit drops 50%-90% back in 2014.
Now, in 2017, those drops are more along the lines of 10%-30%
Google used to warn users that switching to SLL would cause adsense revenue to decline, however, it is likely that after having seen so much and continuing improvement in recent years, they decided that the still less (but not so much less) profitable ads were no longer necessary for them to officially acknowledge.

SSL is becoming the standard, and in time, maybe a time not so far from now, the loss of revenue really will be inconsequential to us. However, we do need to think about MC-Market and the effects our actions will have in our situation specifically. Right now. At this moment in time. No random person's testimony or a generalized statement by google can determine what's best for our site.

As I said in my previous post.
I would like to switch to SSL. Even if the only benefit was ease of mind for our users.
I would also like to prevent our revenue from dropping.
Given the above, one might think having both isn't possible, however, as I also previously stated, we should be coming up with alternative means of bringing in revenue for the site if we're going to be considering taking an action which will reduce that revenue.
When you take, you give back an equal or greater amount, that's the attitude necessary for success.
Again, if we stop arguing over SLL and start coming up with reasonable ways to replace the loss of funds we'd see if switching, we may even be able to afford the switch.

You're way to tied up for MCM making the maximum revenue from AdSense. The profit drop won't be large at all, and I'm pretty sure MCM makes a nice amount of money for Mick anyway.

There's only a limited amount of bs excuses to use, and there is one reason to not use SSL, and honestly the amount of reasons why it should is insane.

I would like to switch to SSL. Even if the only benefit was ease of mind for our users.

Below that you stated that you'd not want to see the revenue drop. It might drop by up to $10-35 a month, which is nothing.

 

[Jdsgames]

Google has always tried to push SSL onto sites.
Without a doubt, the loss of adsense revenue after switching to HTTPS has improved significantly.
From what I've gathered, many site owners were seeing profit drops 50%-90% back in 2014.
Now, in 2017, those drops are more along the lines of 10%-30%

Again, if we stop arguing over SLL and start coming up with reasonable ways to replace the loss of funds we'd see if switching, we may even be able to afford the switch.

Well, before we can talk about alternative solutions to combat the revenue loss I believe we need to understand how much this 10-30% is for the site. As you cannot keep raising pricing for ads/ranks to 'balance' the solution it will eventually fall through.

 

[Justis]

Well, before we can talk about alternative solutions to combat the revenue loss I believe we need to understand how much this 10-30% is for the site. As you cannot keep raising pricing for ads/ranks to 'balance' the solution it will eventually fall through.

A year ago, just 10% of MC-Market's adsense revenue was over $100 a month.
It's undoubtedly grown since then, due to our site's traffic having grown since then.

 

[Ajdin]

Again, if we stop arguing over SLL and start coming up with reasonable ways to replace the loss of funds we'd see if switching, we may even be able to afford the switch.

You're asking members to find ways to generate money on a site they don't have analytical access to. I don't think that's a good approach. It's up to the management to do this, not the users.

Well, before we can talk about alternative solutions to combat the revenue loss I believe we need to understand how much this 10-30% is for the site. As you cannot keep raising pricing for ads/ranks to 'balance' the solution it will eventually fall through.

To be fair, I think it isn't up to the users to find ways for the site to generate revenue.

Mick has just voiced his opinion on this in the shoutbox to me and I don't have much hopes for it. He simply doesn't understand the importance and doesn't want to bother.

 

[Ajdin]

Must you take shots at Mick constantly over nonsense like this?, not professional at all
As of now you are just like anyone else here- besides your previous position working here.

Yeah adding a SSL cert. would be nice but to harass Mick somewhat like that is just pointless

Sorry but where did I harass him in my post?

 

[Justis]

Mick has just voiced his opinion on this in the shoutbox to me and I don't have much hopes for it. He simply doesn't understand the importance and doesn't want to bother.

You brought up some points during a long conversation with him, he said he'd look into it as he was leaving the shoutbox.
You laughed and said "You'll look into it?"

Then come on this thread tagging him saying he doesn't want to bother or understand the importance.

Having been a staff member before, you know quite well where the line is on harassment and are careful to avoid crossing that line and getting warning points. But your attitude is pointed and degrading; and the way you twist people's words and motivations has grown to nothing short of repulsive.
It's not necessary. It's not respectful at all. It doesn't belong here.

 

[Ajdin]

You brought up some points during a long conversation with him, he said he'd look into it as he was leaving the shoutbox.
You laughed and said "You'll look into it?"

Then come on this thread tagging him saying he doesn't want to bother or understand the importance.

Having been a staff member before, you know quite well where the line is on harassment and are careful to avoid crossing that line and getting warning points. But your attitude is pointed and degrading; and the way you twist people's words and motivations has grown to nothing short of repulsive.
It's not necessary. It's not respectful at all. It doesn't belong here.

The points were already addressed in this thread but he literally gave 0 attention to it. It has 90 replies. Probably one of the most popular suggestions in a while.

I'm glad it has this attention. I was hoping attention would result in some sort of feedback.

Because this is a simple fact:

This is a security standard in 2017, it shouldn't be up to the community to suggest this; it should already be implemented.

 

[hiimphil]

I'm pretty sure Ajdin already said about the EU Law, and that you are required to have a SSL certificate to stay operational in the EU.

So Mick - if you're required to do so, you're choice - keep EU members or put in a regional blocker.

Seeing that you're not actually responding to this conversation, even though you are active on the suggestions, I'll link you on how to disable 20-40% of the people on this website's access via CloudFlare.

http://support.hostgator.com/articl...-entire-region-or-country-from-seeing-my-site

 

[Aderm]

Still not added

 

[Azoro]

Still surprised this is yet to be added. Almost every modern website has SSL even if they do not require it for payments or other needs. I have it on all of my sites, it's literally free through let's encrypt or cloudflare. There is no reason not to have it, seeing a site in 2017 without SSL is like seeing a forums with a theme from 2006

 

[morganjp]

https://blog.sucuri.net/2017/08/google-warning-text-input-forms-october-https-ssl.html

This is a thing in both Chrome and Opera now.
Could be argued that not having SSL discourages people from logging in and signing up.

 

[Jdsgames]

https://blog.sucuri.net/2017/08/google-warning-text-input-forms-october-https-ssl.html

This is a thing in both Chrome and Opera now.
Could be argued that not having SSL discourages people from logging in and signing up.

This is also in Firefox and Edge. So this really does discourage users not to join. You are also inputting your password into the site which is what SSL also protects. Therefore if you do have similar passwords on sites (Like most users do) this is a security risk for not just them on this site but on other sites, they visit as well.

 

[Taafe]

Can confirm, keep getting popups warning site is not secure, can be quite annoying tbh.