This site lacks HTTPS encryption, not secure!

Get help or Post your problems with the forum here.
Evan1
Posts: 7
Joined: May 19th, 2019, 11:21 pm

This site lacks HTTPS encryption, not secure!

Post by Evan1 »

homebuiltrovs.com lacks HTTPS (aka TLS) encryption. Take a look at the web address. It starts with http. No "s" at the end. This means that every time anyone logs in, their password is sent over the internet unencrypted, in plain text. This means that someone could conceptually steal your password. In order to steal your password the attacker would have to be on the same network as you. For example, if you were accessing this site via communal wifi at a coffee shop or via cell service.

My recommendation for the site owner Steve- Upgrade the login page to HTTPS as soon as possible. Upgrade the entire site to HTTPS eventually.

My recommendation to users of this site- Use a unique password that you do not use for any other website. You should be ok with this password being stolen. Do not log into homebuiltrovs.com on a public wifi network or via your cell phone.


Sorry for being the bearer of bad news but I believe the security of this site is important and I wanted to raise the issue!
Evan1
Posts: 7
Joined: May 19th, 2019, 11:21 pm

Re: This site lacks HTTPS encryption, not secure!

Post by Evan1 »

Also, thank you Steve for running this site, it's a great source of knowledge and I appreciate the work you have done so far!
admin
Site Admin
Posts: 41
Joined: Mar 1st, 2010, 11:41 am

Re: This site lacks HTTPS encryption, not secure!

Post by admin »

Well you're not wrong.... :D and I appreciate the concern. The truth is I haven't updated anything on this site in a long time and it's not a real high priority in my life right now. The thing is I started this site (probably) before WiFi or HTTPS were even a thing and while we're at it the forum software is also so out of date. I think I tried to update to HTTPS at one point a year ago but never could figure it out (or it cost $) so I gave up. I thought about converting the site to a WordPress site where everything would be secure but I would probably lose all of the forum info in doing so because I really don't know much about website stuff and I have just been faking it for years. :lol: There's probably only a handful of people who actually log in to use the site anyway so for now I'd have to say if anyone is really that worried about getting compromised either use a unique password for this site only (like Evan mentioned) or don't log in. If I ever find the time I'll eventually get around to trying to update things but at the moment I just don't have the time in life.

-admin :grip:
admin
Site Admin
Posts: 41
Joined: Mar 1st, 2010, 11:41 am

Re: This site lacks HTTPS encryption, not secure!

Post by admin »

OK it took 3 years :lol: but the forum should be HTTPS compliant now (keyword being "should".) Either that or I just locked everyone out. :?

-Admin :grip:
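
A check a site owner could run after a migration like the one described in this thread, added here as an example and not posted by anyone in the thread: it parses a page's HTML and reports every login form whose password would still travel without TLS. The host `forum.example`, the sample HTML and the function name `insecure_login_targets` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _LoginForms(HTMLParser):
    """Collect the action of every <form> that contains a password field."""
    def __init__(self):
        super().__init__()
        self.actions = []     # actions of forms holding a password input
        self._action = None   # action of the open form, None when outside a form
        self._has_pw = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""
            self._has_pw = False
        elif tag == "input" and self._action is not None:
            if (a.get("type") or "").lower() == "password":
                self._has_pw = True

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_pw:
                self.actions.append(self._action)
            self._action = None

def insecure_login_targets(page_url, html):
    """Return the URLs a password would be posted to without full TLS cover."""
    parser = _LoginForms()
    parser.feed(html)
    parser.close()
    # A form served over http can be altered in transit, so the page counts too.
    page_ok = urlsplit(page_url).scheme == "https"
    findings = []
    for action in parser.actions:
        target = urljoin(page_url, action)  # empty action resolves to the page itself
        if not page_ok or urlsplit(target).scheme != "https":
            findings.append(target)
    return findings

# Constructed sample markup, not taken from any real site.
_FIELDS = '<input name="username"><input type="password" name="password"></form>'
FORM_RELATIVE = '<form action="./login.php" method="post">' + _FIELDS
FORM_ABSOLUTE_HTTP = '<form action="http://forum.example/login.php" method="post">' + _FIELDS
SEARCH_ONLY = '<form action="/search.php"><input type="text" name="q"></form>'

if __name__ == "__main__":
    print(insecure_login_targets("https://forum.example/login.php", FORM_ABSOLUTE_HTTP))
```

The third sample covers a common leftover after switching a site to HTTPS: the page loads securely but a hard-coded `http://` form action still sends the password in the clear.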