XF 1.5 How do I force SSL to login/register forms only?

[Marks534]

So I'm looking to implement SSL into my site but as most of you know, a drop in adsense revenue is possible. So the only benefit I'd like to get out of SSL is the security.

I'm basically looking to force all my login and registration forms over SSL. I've seen other forums do it so it's definitely possible. They basically iframed a seperate login/register form into their web pages. Usually something like 'https://auth.forum.com'.

Could I get some more explanation on what the best way would be to approach this?

 

[Mouth]

a drop in adsense revenue is possible

Not any more, that's really old information/experience.

I'm basically looking to force all my login and registration forms over SSL. I've seen other forums do it so it's definitely possible

Possible, but provides no value or any real extra security.

Could I get some more explanation on what the best way would be to approach this?

Just make your whole site SSL/HTTPS.

 

[Marks534]

Not any more, that's really old information/experience

How is it old experience?

Pretty sure you can only display SSL compliant ads causing less ads to qualify for your website thus giving less pressure on bids.

 

[Mouth]

Pretty sure you can only display SSL compliant ads causing less ads to qualify for your website thus giving less pressure on bids.

Non ssl compliant ad providers on Adsense nowadays is very minimal, to the point of inconsequential.

 

[Pierce]

Theres little point having ssl on ONLY the login, because the session data browsing the forum is constantly transmitted back and forth.

Also need to encrypt all pages not to trigger Google chrome insecurity warnings.

Guess what that means? SEO will require the site to be HTTPS (and as the site moves to http2, it will speed up your site too). Think of it like this, Google delivers the -best- results for search every time.

They server your unencrypted page that may show an "Insecure site warning" most people will click back straight away. Google monitors these actions and your site will be penalized for massive bounce rates/low engagement time due to users not understanding.

Pierce

 

[Jake Bunce]

I tried and apparently failed:

https://xenforo.com/community/threads/redirect-https-to-just-one-page.115901/

Just make everything SSL.

 

[m1ne]

Yep, just use SSL everywhere. I made this move over a year ago and took no hit to revenue.

 

[Jim Boy]

Google will penalise you if you aren't using SSL - you wont lose any revenue by switching to 100% SSL