As many of you have noticed, UER is served over plain-old, unencrypted HTTP. Over the past few years there has been a trend to push SSL to many popular sites (and most can admit this is a popular site).
Unfortunately, UER still seems behind the times, especially considering that Let's Encrypt provides free certificates to enable this capability not to mention plethora of community scripts for most major web servers (e.g. IIS on which this site is hosted).
Furthermore, many browsers now display a warning for non-SSL logins (as in the case of UER).
And to end on a hilarious note, just this week:
https://arstechnic...gin-page-insecure/ "Your notice of insecure password and/or log-in automatically appearing on the log-in for my website, Oil and Gas International, is not wanted and was put there without our permission," a person with the user name dgeorge wrote here (the link was made private shortly after this post went live). "Please remove it immediately. We have our own security system, and it has never been breached in more than 15 years. Your notice is causing concern by our subscribers and is detrimental to our business."
|