Should I Require HTTPS?

I think I’ve pretty much got https://www.discourse.net”>unencrypted or encrypted versions depending what you ask for. The encrypted version is, at least on my computers, noticeably slower to turn up.

So the question is, What do I do now? Should I turn of http and forward all traffic to https? If I do so, should I remove the remaining insecure items, which I take to be the counters and the little map that shows where visitors come from? Is there a free counter somewhere that is https compliant? If I don’t force https, what’s the point of having the encrypted version there if almost no one other than the people running EFF’s great https-everywhere plugin will ever see it?

This entry was posted in Cryptography, Discourse.net. Bookmark the permalink.

One Response to Should I Require HTTPS?

  1. David says:

    Although I personally would not bother; consider putting it on any page with input fields (ie, comments or login — although presumably your wp-login page already does https).

Comments are closed.