SSL
- Thread starter Dylan2
- Start date
- Status
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.
That would take up a lot of space for MCM.
No??? Wtf? MCM has plenty of space for some IMAGES, tell that to RESOURCES, now THAT takes up space eh? Have you ever done websites?
Couldn't you use lets encrypt? (Don't kill me please I'm a noob at this stuff)
Lets Encrypt provides them for free. (Addressing B)
It's not the problem of getting a cert
Your wrong
He's actually not. I own several other websites and I found this out from personal experience. It's also not just me. Others have reported this too. Nonetheless, as stated in my update: SSL is planned and will be implemented eventually.
Our setup is a bit more complicated than others so it's not as easy.
Oh, I woulda though that Google hosted all the ads & shit but oh well. I stand corrected, best of luck on implementing it
Hi there, sorry for the bump, but you guys may want to consider implementing SSL soon, Chrome is going to begin labeling sites that accept passwords and that aren't using HTTPS as insecure in January.
Last edited:
With the amount of revenue this website is generating, I don't see why installing a free SSL would ever be an issue. The time is definitely paid for.
Money isn't really a problem when it comes to buying a certificate. I'd rather have something better like a EV SSL certificate.
I'm fully aware of this. This is a cosmetic and won't really change much just yet.
We're taking a different approach when it comes to implementing SSL. Another site I recently implemented it on received a 40% drop in Ad revenue which is a lot. I've heard people get more so it depends from site to site. I'm not really greedy or anything but at that point we should be worried about breaking even. Just look at major news sites. TheVerge, NewYorkTimes, The Huffington Post, etc etc. None of them have SSL because the drop you get in ad revenue is crazy.
IGN took a different approach for their forum(which I'm aiming for aswell eventually). I don't really need the entire site to be SSL. We don't need SEO Improvements that bad either. I also don't care about Google giving a little red cross over the URL.
The main reason why I want SSL is to encrypt passwords. Nothing else, just passwords. My idea was to get a subdomain, something like "https://auth.mc-market.org" where users login and register. The rest of the site would still remain regular HTTP until I find a more effective way of dealing with the Ad revenue drop. You'd access the site itself through the regular URL but the logging in/registering would happen through a encrypted version of the login/registration form. You won't really notice any difference from what you're seeing now except for the fact that all your traffic would be encrypted.
To see IGN's system: http://www.ign.com/boards/
Click on Sign in/Register > Inspect element and note the login form goes to https://s.ign.com.
Oooo, you fancy!
Mixed content can be solved by adding HSTS and "Upgrade-Insecure-Request" header with the HTTP server. Additionally I don't think securing auth.* will solve the security problem since your cookies would be used on an insecure protocol throughout the website so session side-jacking is possible.
- Status
