Implementing SSL on Rise Forums

Discussion in 'Hosting & Domains' started by Kevin Muldoon, Jan 23, 2017.

Thread Status:
Not open for further replies.
  1. I got an email from Google today about moving Rise Forums over to SSL.

    I will need to move the forum over to HTTPS since passwords etc are used. If I don't, a Not Secure message will be displayed to users.

    Non-Secure Collection of Passwords will trigger warnings in Chrome 56 for https://www.riseforums.com/threads/oberlo-and-shopify-the-perfect-dropshipping-solution.2830/

    The new warning is the first stage of a long-term plan to mark all pages served over the non-encrypted HTTP protocol as “Not Secure”.

    Here’s how to fix this problem:
    Use HTTPS pages to collect sensitive information

    To prevent the “Not Secure” notification from appearing when Chrome users visit your site, move collection of password and credit card input fields to pages served using the HTTPS protocol.

    Read the WebFundamentals article
    Need more help?
    • Find out more about this change in the blog post “Moving Towards a More Secure Web”.
    • Find out how to Secure your site with HTTPS.
    Ask questions in our forum for more help – mention message type [WNC-10026400].
    The article they are referring to is at https://developers.google.com/web/updates/2016/10/avoid-not-secure-warn

    I tried to implement it tonight using this guide, but it generated a few errors on CloudFlare so I quickly reverted the changes. I'll give it a try again at night when the forum is quieter.

    I can get an SSL certificate via CloudFlare free so that's the route I think I will go down.

    Before I attempt it again, I'd love to hear from those of you who have made this change already. Are there any steps I need to be careful of?

    Thanks,
    Kevin
     
  2. I got the same message for wildfact.com
    And I am planning to do the same. I am thinking of using Let's free SSL, but unfortunately my host does not allow it.
    I am thinking of moving my server to the cloud and I will implement it then.
    One important thing to note is that you have to change each and every thing from http to https, viz. database instances, HTML, PHP files, etc.
    Once you have moved to SSL for a long time, I have heard there is no going back.

    I will do it in February
     
  3. I get the impression I didn't change it everywhere. There was advice on how you can update your database, but I was wanting to do that step last.

    It sounds like I will need to change everything.

    I will need to set aside a day to do it and make sure I document every step so that I can undo the changes if necessary.
     
  4. Any dynamic site should be pretty easy - you'll have some variable like $site_url which needs to be changed from "http://example.com" to "https://example.com". For pseudo-dynamic sites (read: blogs), you will need to update all of those instances where you referenced your own site within the database. Until that's done, you can get by with an .htaccess redirect - here's some basic instructions.

    I think that's reason enough to move hosts. Anything above shared hosting should allow you to implement SSL however you see fit, unless there is a solid security reason not to.
     
    Kevin Muldoon likes this.
  5. They allow me to implement SSL, but I have to buy it from them; they do not support the free Let's
     
  6. Sanjay Ojha likes this.
  7. Good article Rhys.

    I was going to use Cloudflare for my SSL certificate as they offer it free. I'll make sure I check a few tutorials before I attempt it.
     
  8. #8 BrinWilson, Jan 25, 2017
    Last edited: Jan 25, 2017
    Firefox are ahead of Chrome here - they're already marking non-https sites (like the current RiseForums - or any non-https WordPress site login page for example) as 'Not Secure' with a little diagonal red line through a grey padlock to the left of the URL (note: I took a screenshot, but can't see how to upload it to the thread? How would I do this btw Kevin?).

    - also, a number of hosts are already offering free Let's Encrypt certificates (so may be worth seeing if your current host does) - could be a nice alternative to going the CloudFlare route perhaps.

    In fact, I recently put a post up on WinningWP on WordPress hosts offering these for free (slightly similar to Rhys' post above but from a slightly different angle - focusing more on just the hosts): https://winningwp.com/wordpress-hosting-companies-offering-lets-encrypt/

    - and there's also a much more generic (i.e. for not only WordPress hosts) list been put together too: https://community.letsencrypt.org/t/web-hosting-who-support-lets-encrypt/6920
     
    Kevin Muldoon likes this.
  9. You should have an upload file button in your editor. Is it not there?

    I'll definitely need to tackle this soon if Firefox users are seeing a non secure message. Got my tax to do this weekend so I can try it after that's out the way :)
     
  10. Screen Shot 2017-01-27 at 12.20.21.png
    - oh wow was I being blind. I looked across the top of the editor a few times and not until today thought to check below... lol

    Here's the image I wanted to upload: of the new Firefox "Not secure" icon - top left.
     
  11. p.s. only appears when not logged in it seems.

    - nope: take that back. It's appearing again now (even though logged in) - not sure why but it isn't always there... weird.
     
  12. I will need to get this done this week. Looks like all browsers are making it a priority now.
     
  13. @Kevin Muldoon , Don't forget to make a tutorial or blog while doing it. It will help many. I am also looking to do it asap.
     
    Kevin Muldoon likes this.
  14. Seconded :)
     
    Kevin Muldoon likes this.
  15. #15 Kevin Muldoon, Feb 8, 2017
    Last edited: Feb 8, 2017
    I've set SSL up now. I think everything is set up OK.

    I actually did everything correctly last time. Well, almost. I made a mistake by adding in an additional redirection step to my .htaccess file that wasn't necessary.

    I know you guys were keen on me making a tutorial, however all I have done is followed this guide at XenForo.

    https://xenforo.com/community/resources/how-to-implement-ssl-to-secure-http-traffic-https.5425/

    The guide is specific to XenForo, but if you sign up and look at the guide you may find it useful :)
     
  16. Well Kevin, to read the above instructions, they (XenForo) want us to be a licensed XenForo customer :(
     
  17. Ahhhh. OK.

    The instructions are all specific to XenForo so I am not sure how useful they would be for other platforms.

    The key part is to put this in your .htaccess file.

    Code:
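    # Send any request that arrived over plain HTTP to the same host and path over HTTPS
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]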
    The other changes are related to references to http instead of https across fields and the design etc. The process wasn't that difficult.

    There was a part that said if the above code didn't work to use a different code. Initially I made the mistake of adding both pieces of code.
     
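Added example (not part of the thread or of the XenForo guide): once the redirect is in place, the remaining work described above is finding leftover http:// references in templates and stored content. This sketch scans a page's HTML for subresources still loaded over HTTP and for password forms that submit over HTTP, which is the condition the Chrome 56 warning targets. The names `InsecureRefScanner` and `scan` and the example.com sample markup are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL attribute makes the browser fetch a subresource.
SUBRESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}


class InsecureRefScanner(HTMLParser):
    """Finds http:// subresources and password forms that submit over http://."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []         # (kind, absolute URL) tuples
        self._form_action = None   # resolved action of the currently open <form>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        attr = SUBRESOURCE_ATTRS.get(tag)
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            attr = None  # only stylesheet links are treated as subresources here
        if attr and a.get(attr):
            url = urljoin(self.page_url, a[attr])  # resolves relative and // URLs
            if urlparse(url).scheme == "http":
                self.findings.append(("insecure-subresource", url))
        elif tag == "form":
            # A missing or empty action submits to the page's own URL.
            self._form_action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if urlparse(self._form_action or "").scheme == "http":
                self.findings.append(("password-over-http", self._form_action))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_action = None


def scan(page_url, html):
    scanner = InsecureRefScanner(page_url)
    scanner.feed(html)
    return scanner.findings

# Constructed sample markup; example.com is a placeholder, not the forum's HTML.
SAMPLE = """<link rel="stylesheet" href="http://example.com/css/style.css">
<script src="//cdn.example.com/app.js"></script>
<img src="/img/logo.png">
<form action="http://example.com/login"><input type="password" name="pw"></form>
<a href="http://example.com/old-thread">old link</a>"""
FINDINGS = scan("https://example.com/forum/", SAMPLE)  # stylesheet + login form
```

Plain `<a href>` links are not reported because they are navigation rather than page content; the 301 redirect covers them until the stored URLs are updated.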
  18. A good move. HTTPS plays a vital role in SERPs too.
     