An SSL certificate, issued by Sectigo Ltd., has been installed today for miniBB.com domain, that means, by now (temporarily) you could access all sections on this domain both as entering http://www.minibb.com/ or https://www.minibb.com/.

After some period of testing, all sections will be slightly moved to SSL (https) only.

Paul, did you consider to stay with both versions (http + https) *without* forced redirection to https?

No, I didn't.

What would be the sense of it?

1. SSL doesn't provide 100% accessibility by all browsers (regular http doesn't have this problem). Having website in both http and https you provide 100% accessibility to all users ,even those with outdated browsers.

2. SSL is only useful for secured data submission and transfer. For example, you could switch to https (check box) while logging in or when logged in. Public pages are opened to everyone, they don't have to be protected by SSL at all.

3. On forum, you have BB-code: [img]. This allows to embed images from external domains. If you have forums just via http, then embedding from http or https is not a problem. But if you have forums via https, then embedding from http brings a problem - the browser will say that the page with such images is only partially secured. There is no work-around for it, except you should allow to embed external images from https only, or do not allow such embedding at all (this could limit users).

4. You have a website indexed via http. It takes times to re-index the site via https. You could lose some traffic during this period, which could last months.

Bet Ween
#1 - you are right, but it's hard to get to the end user... I'm not sure if it would be easy to anyone to get into an advanced logging option. Seeing straight that you are on https in whatever area of the website feels warmer. Also, I've heard that Google likes https-based websites more than regular http ;)

#2 - I suppose, SSL also protects from phishing the browsing history, so it's not just about logins; however your suggestions sound reasonable and worth of consideration...

#3 - yes, ssl would be incomplete if some file are loaded from non-secured domains, and forum owners should always take it into consideration. As you wrote, ideally https forum owners should allow to include images only from https websites, or allow local file uploads. Not sure how we improve this here on miniBB forums, probably I will come up with some simple solutions :)

#4 - yes, it takes time, but nowadays not so long... so this is not quite important.

Paul, you've wrote earlier that you don't take much care about Google :)

Your thoughts are reasonable, too. I am staying with constant SSL and just wanted to know your opinion. Just remember to update SSL certificate in-time. If you have HTTPS-only website and forget to update certificate,your website is broken :(

Awairing your solutions... curious to see what they are about :)

It's true :-) but others do care...

I think one of reasons to hype the SSL-hysteria was exactly about sorting out "wrong" sites, so if a website is alive/active/take care then it means the owners will handle the certificate update in-time. Setting up a reminder properly should help on it :)

A wide guide is now published to help switching your forums or domain properly to SSL / https.