Without using SSL

  • I’m setting up a site for a small club (less than 40 members) where most of the site requires a login, using the Simple WordPress Membership plugin.
    I think it is this plugin that is throwing up SSL issues some of the time. (I’ve only had Firefox complain about not having an SSL certificate once, and the club’s president has also. But no one else is set up with access yet. Other browsers and onther devices haven’t been a problem for me, though I’ve not been systematic about testing.)

    The most significant personal data behind the login is likely to be members photos, names and possibly email and/or phone numbers though nothing is definite yet.
    There is unlikely to be any monetorisation of the website.

    The host is 123Reg, and as far as I can see, their SSL price will roughly double the cost of the hosting. Having persuaded the club to invest in a self hosted website (and stop using their old wordpress.com site) it won’t be easy to persuade them they need to add another regual payment for an SSL certificate.

    How necessary is an SSL certificatein the circumstances?
    Is there a way to stop browsers using https?
    (Or have I completely misunderstood how it all works?)

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Browsers (Chrome and Firefox) are going to start complaining about pages that request passwords when those pages are not SSL encrypted. It’s not something you can control. So you can either tell your members to ignore it or get an SSL certificate.

    Certificates from LetsEncrypt are free — check with your host to see if they support that. If not, you might consider changing to a host that does.

    https://community.letsencrypt.org/t/web-hosting-who-support-lets-encrypt/6920

    (Note: Let’s not turn this into a discussion of hosting.)

    Thread Starter eyeghoti

    (@eyeghoti)

    I’d already looked at the list on Lets Encrypt, but unfortunately the host isn’t listed.
    I’ll look into switching hosts come renewal time.

    Hi @eyeghoti

    An alternative to moving hosting providers or purchasing and SSL Certificate would be to use CloudFlare and take advantage of their features including SSL on their free plan.

    Regards

    Thread Starter eyeghoti

    (@eyeghoti)

    Thanks for the suggestion Eddy.
    Unfortunately, despite having read several of their web pages and watched a couple of their videos, I still haven’t a clue what CloudFlare actually is. Is it a plugin? Or a service through which your all your web traffic is diverted? And how does it work?

    Hi @eyeghoti

    CloudFlare accelerates and secures your website by acting as a proxy between your visitors and your Web Host.

    CLoudFlare provides name servers that you will need to set as your authoritative name servers for your domain. This allows CloudFlare to clean and accelerate your traffic as all requests to your website are now routed through CloudFlare.

    You can then manage all your DNS records through CloudFlare. When creating an account with CloudFlare they will scan your current DNS records and copy them to their side so that you wont need to manually configure them again.

    The hardest part if I can say, is that you will need access to modify the domains authoritative name servers with your current Domain Registrar. Once the name server updates have been made and applied CloudFlare will start delivering your website content through their Content Delivery Network.

    Here is a link to there official getting stated guide, it explains everything in more details:

    https://support.cloudflare.com/hc/en-us/categories/200275218-Getting-Started

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Without using SSL’ is closed to new replies.