Should I Require HTTPS?

I think I’ve pretty much got https working on this blog. At present it will serve up both unencrypted or encrypted versions depending what you ask for. The encrypted version is, at least on my computers, noticeably slower to turn up.

So the question is, What do I do now? Should I turn of http and forward all traffic to https? If I do so, should I remove the remaining insecure items, which I take to be the counters and the little map that shows where visitors come from? Is there a free counter somewhere that is https compliant? If I don’t force https, what’s the point of having the encrypted version there if almost no one other than the people running EFF’s great https-everywhere plugin will ever see it?

This entry was posted in Cryptography, Discourse.net. Bookmark the permalink.

One Response to Should I Require HTTPS?

  1. David says:

    Although I personally would not bother; consider putting it on any page with input fields (ie, comments or login — although presumably your wp-login page already does https).

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Notify me of followup comments via e-mail. You can also subscribe without commenting.