Jump to content

Avoiding Google Security Warnings

Google has recently been stressing that sites should use secure connections (served via HTTPS) whenever possible. They have recently also started warning sites that collect password on non-secure pages and will also be updating Google Chrome to warn users when a password is being entered on a non-secure page. You can read more information at Google and a good article on Ars Technica.

There are two ways on IPS Community Suite to avoid these alerts. Keep in mind that doing nothing will not cause you any problems, your site will still work, but users will get warnings and this may impact how people perceive joining your community.

 

Make your Community 100% Secure

The easiest option is to make every page on your IPS Community Suite use a secure connection. To do this you would need to ensure your web host has HTTPS support enabled on your site and then simply edit conf_global.php and change the URL field to https:// and that's it.

One thing to keep in mind is that your users, if you allow it, can still paste in links to externally hosted images which might not be secure. This does not impact the security of your site but it may generate a browser warning indicating your site has "mixed content" meaning some is secure and some is not. You can optionally enable the Image Proxy feature to make externally linked images route through a proxy on your local server to maintain 100% secure content.

Posting 2017-01-26 13-40-47.png

Image Proxy Options

 

Only Login/Registration Forms and AdminCP Secure

If you prefer not to use HTTPS for your entire site, we do have a setting to only use secure connections for login, registration, and AdminCP. 

Login Settings 2017-01-26 13-42-09.png

Use HTTPS for Logins and AdminCP

When the login-only secure option is enabled the quick login drop down is also disabled and instead users are sent to a full page to login. This is a small change required to avoid browser warnings. Although the quick login menu submits to a secure connection, the form field itself may show on a non-secure page which would generate a warning.

Forums - Invision Power Services 2017-01-26 13-44-09.png

Quick Login not Available when Login-Only HTTPS Setting Enabled

 

IPS Community in the Cloud

Those using IPS CiC can get secure connections for a $15 setup fee plus $5 month on our 40, 65 and 100 user Cloud plans. You can either bring your own certificate or we can provide one for you. On the 200, 450 and 750 plans, SSL is completely free - again, either your own or we can provide one.

Edited by Charles


×
×
  • Create New...