Kyavion wrote: ↑
Tue Jan 23, 2018 2:16 pm
Thanks for the feedback everyone. My plan on HostGator is the basic plan, which upon further research apparently doesn't provide for an option for https. How important is running https for a forum?
Without it browsers are going to issue warnings on things like the login box. The reason for this is for example suppose the user is using public wifi, someone with access to the router could obtain their login credentials.
Since right now I can't purchase the certificate, should I still change the settings in the ACP to reflect https and 443 instead of 80 for the port?
I would suggest leaving it as it is.
So if a user wants, does typing "https" in the URL provide the same security as if I had the certificate?
Firstly if you do not have valid certificate this would require a default or self signed certificate. If a default certificate is present the user will get a warning page and will specifically need to make an exception to view the site over https. This is useful if for example you yourself want to access the site over https to perform administration tasks. It will protect your login credentials from third parties*. Not so useful for your visitors.
This is secure as far as the communication between your browser and the server is concerned but going back to the public wifi example someone could spoof a site in which case it would not be your server you were communicating with. Not such a huge threat for minor site but a very big deal if it was banking site.