1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.5 How do I force SSL to login/register forms only?

Discussion in 'Installation, Upgrade, and Import Support' started by Marks534, Sep 24, 2016.

  1. Marks534

    Marks534 Member

    So I'm looking to implement SSL into my site but as most of you know, a drop in adsense revenue is possible. So the only benefit I'd like to get out of SSL is the security.

    I'm basically looking to force all my login and registration forms over SSL. I've seen other forums do it so it's definitely possible. They basically iframed a seperate login/register form into their web pages. Usually something like 'https://auth.forum.com'.

    Could I get some more explanation on what the best way would be to approach this?
  2. Mouth

    Mouth Well-Known Member

    Not any more, that's really old information/experience.

    Possible, but provides no value or any real extra security.

    Just make your whole site SSL/HTTPS.
  3. Marks534

    Marks534 Member

    How is it old experience?

    Pretty sure you can only display SSL compliant ads causing less ads to qualify for your website thus giving less pressure on bids.
  4. Mouth

    Mouth Well-Known Member

    Non ssl compliant ad providers on Adsense nowadays is very minimal, to the point of inconsequential.
  5. Pierce

    Pierce Well-Known Member

    Theres little point having ssl on ONLY the login, because the session data browsing the forum is constantly transmitted back and forth.

    Also need to encrypt all pages not to trigger Google chrome insecurity warnings.

    Guess what that means? SEO will require the site to be HTTPS (and as the site moves to http2, it will speed up your site too). Think of it like this, Google delivers the -best- results for search every time.

    They server your unencrypted page that may show an "Insecure site warning" most people will click back straight away. Google monitors these actions and your site will be penalized for massive bounce rates/low engagement time due to users not understanding.

    thedude likes this.
  6. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

  7. Solidus

    Solidus Well-Known Member

    Yep, just use SSL everywhere. I made this move over a year ago and took no hit to revenue.
  8. Jim Boy

    Jim Boy Well-Known Member

    Google will penalise you if you aren't using SSL - you wont lose any revenue by switching to 100% SSL

Share This Page