
Moving to HTTPS

+3 votes
240 views
asked Jun 2, 2017 in Q2A Core by arjunsuresh
Is there any way to move the Q2A login to HTTPS? Moving the entire site is another option, as it allows private messages to be encrypted as well. I have handled all plugins to be HTTPS safe but images are an issue. I can change the URL of images from http:// to // to be protocol free -- is this the right way to do it? If so, why doesn't CKEditor do this by default?
Q2A version: 1.8

1 Answer

+3 votes
answered Jun 3, 2017 by Scott
selected Jun 4, 2017 by arjunsuresh
 
Best answer
There's no option for this within Q2A. If you want only the login to be https, you could set this up at the server level or htaccess (i.e. redirect the login/register pages to https, redirect everything else on https back to http).

But the best option is to move everything to https. If it's insecure to send password details over http then it's also insecure to send your cookies over http too, once you are already logged in.

Images can be a problem but currently all browsers will load http images on a https page. If all images are 'local' (i.e. on your site) then you can rewrite them all to https://

It's more difficult for external images because you don't know whether the external server supports https. On my site I set up a "proxy" PHP script that fetches the image over http, but the URL is a https one on my site. I may release this as a plugin in the future if people are interested.
commented Jun 9, 2017 by Waterfr Villa
Moving everything to https created issues for me. Some of the plugins like custom google search no longer work. As well, images are not shown properly.
...
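The rewrite of local image URLs to https:// mentioned in the answer above, sketched as an added example that is not part of the original thread and is not Q2A code. The function name `upgrade_local_images`, the host `example.com` and the sample HTML are hypothetical; the function works on an HTML string only and leaves external http:// images untouched, returning them so they can be handled separately.

```php
<?php
// Added example: upgrade <img> URLs on our own host to https:// and
// report external http:// images, which would load as mixed content.

function upgrade_local_images(string $html, string $siteHost): array
{
    $external = [];
    // Capture the src attribute of <img> tags (single or double quoted).
    $pattern = '~(<img\b[^>]*?\ssrc\s*=\s*)(["\'])(.*?)\2~i';

    $rewritten = preg_replace_callback(
        $pattern,
        function (array $m) use ($siteHost, &$external) {
            [$all, $prefix, $quote, $url] = $m;
            // Protocol-relative URLs (//host/path) already follow the page scheme.
            if (strncmp($url, '//', 2) === 0) {
                return $all;
            }
            $parts = parse_url(html_entity_decode($url));
            if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
                return $all; // relative URL or data: URI, nothing to upgrade
            }
            if (strtolower($parts['scheme']) !== 'http') {
                return $all; // already https
            }
            if (strcasecmp($parts['host'], $siteHost) === 0) {
                // Local image: change only the scheme, keep the rest verbatim.
                return $prefix . $quote . 'https' . substr($url, 4) . $quote;
            }
            // External server: https support is unknown, so do not rewrite.
            $external[] = $url;
            return $all;
        },
        $html
    );

    // preg_replace_callback returns null on a regex engine error.
    return ['html' => $rewritten ?? $html, 'external_http' => $external];
}

// Constructed sample input: one local image, one external image.
$sample = '<p><img src="http://example.com/qa-uploads/a.png"> '
        . '<img alt="x" src=\'http://images.example.net/b.jpg\'></p>';
$result = upgrade_local_images($sample, 'example.com');
echo $result['html'], "\n";
print_r($result['external_http']);
```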