Secure pages on posts https vs http

[Retiree_Having_Fun]

The home page is https but the subsequent child pages are just http? Any reason for this?

 

[mh]

I can’t think of a good one [emoji53]

 

[Alan]

There was an earlier thread on this issue here, with Janet giving the following explanation.

The login pages here are secure (httpS) but as noted by many, the rest of the site is not. We store no financial info or other sensitive content here and we long ago changed login pages (where password data is passed) to meet current security standards.

The primary reason for not changing the rest of the site is that we have thousands of links in posts to offsite images and content that are not https. ALL those links would break. As the www updates it will be easier to make this change but for now we would rather retain that content then break it.

 

[marko]

There was an earlier thread on this issue here, with Janet giving the following explanation.

Could these insecure pages be the source of your CC fraud charge you mentioned on another post? JUST KIDDING!!!!

 

[Alan]

Could these insecure pages be the source of your CC fraud charge you mentioned on another post? JUST KIDDING!!!!

Remarkable timing for sure

 

[jonat]

No, existing links won't break if you add an http to https rewrite in your server's .htaccess file. (Some web hosts have a control panel option for this redirect.)

One problem is that the cookie is transmitted insecurely and this allows for user spoofing. Another is that all the text sent and received is "in the clear" and can be intercepted. Also, Google downgrades search results for non-https pages.

Please make the whole site https. There's no good reason left to not do this.

 

[Sunset]

http is faster than https, which is why some sites are slow to change.

 

[GrayHare]

Some sites wisely permit both http and https so that the user can decide.