Google has recently been stressing that sites should use secure connections (served via HTTPS) whenever possible. They have recently also started warning sites that collect password on non-secure pages and will also be updating Google Chrome to warn users when a password is being entered on a non-secure page. You can read more information at Google and a good article on Ars Technica.
There are two ways on IPS Community Suite to avoid these alerts. Keep in mind that doing nothing will not cause you any problems, your site will still work, but users will get warnings and this may impact how people perceive joining your community.
Make your Community 100% Secure
The easiest option is to make every page on your IPS Community Suite use a secure connection. To do this you would need to ensure your web host has HTTPS support enabled on your site and then simply edit conf_global.php and change the URL field to https:// and that's it.
One thing to keep in mind is that your users, if you allow it, can still paste in links to externally hosted images which might not be secure. This does not impact the security of your site but it may generate a browser warning indicating your site has "mixed content" meaning some is secure and some is not. You can optionally enable the Image Proxy feature to make externally linked images route through a proxy on your local server to maintain 100% secure content.
Image Proxy Options
Only Login/Registration Forms and AdminCP Secure
If you prefer not to use HTTPS for your entire site, we do have a setting to only use secure connections for login, registration, and AdminCP.
Use HTTPS for Logins and AdminCP
When the login-only secure option is enabled the quick login drop down is also disabled and instead users are sent to a full page to login. This is a small change required to avoid browser warnings. Although the quick login menu submits to a secure connection, the form field itself may show on a non-secure page which would generate a warning.
Quick Login not Available when Login-Only HTTPS Setting Enabled
IPS Community in the Cloud
Those using IPS CiC can get secure connections for a $15 setup fee plus $5 month on our 40, 65 and 100 user Cloud plans. You can either bring your own certificate or we can provide one for you. On the 200, 450 and 750 plans, SSL is completely free - again, either your own or we can provide one.
Next week, IPS will be implementing the pricing changes to our product lineup that we published in 2015. In the spirit of Black Friday and Cyber Monday, we are extending an opportunity to purchase a new license or add new applications to your existing suite at 15% off our current pricing.
To take advantage of this offer, please use coupon code IPSPROMO16 at checkout. This promotion is active starting now and valid until 1 December 2016 (EST) and applies to new purchases only. We are unable to retroactively apply the discount.
This promotion also applies to Community in the Cloud for your first month of service!
If you’ve been waiting to purchase a new license or add products to your suite, this is the last opportunity to obtain this level of pricing! Happy shopping!
AlexWebsites reacted to Charles for a blog entry, Avoiding Google Security Warnings
