We are pleased to announce that in an effort to make your connection to the phpBB.com servers more secure, we have implemented SSL/TLS across our corner of the internet.
We are very grateful to the fine folks at DigiCert, who have graciously donated an Extended Validation Certificate for us to use on www.phpbb.com and a Wildcard SSL Certificate to secure the rest of our subdomains. If you are using a modern browser (and reading this announcement on www.phpbb.com), you should see a green address bar, denoting the secure connection. Other *.phpbb.com sites will display a lock.
To verify the details of the certificates, you can check out the seals below:
Qualys Labs also has a nifty tool for analyzing SSL connection details:
Analyze phpBB Main (www.phpbb.com)
Analyze phpBB Area51 (area51.phpbb.com)
Security is phpBB's top priority, and with this change, data sent between your browser and the phpBB.com servers will be encrypted to prevent access and tampering. Of course, SSL doesn't protect against everything, so we'll take this security-themed post as an opportunity to remind everyone to be diligent, use secure passwords, and only utilize computers that you're certain haven't been tampered with.
This has been rolled out to most areas of the site, however efforts are ongoing in several sections:
- http://tracker.phpbb.com is still being tested, so it does not have SSL redirection in place yet.
- Our team map requires moving to a newer version of the Google API, so that page will not be sent over HTTPS.
- HTTPS is not forced on Area51's discussion board so that testing may be performed in both environments.
Once again, a great big hug to DigiCert for sponsoring this move.
You may discuss this in the discussion topic.