- Compatible XF Versions 1.x
- 1.0, 1.1, 1.2, 1.3, 1.4, 1.5
As announced by Google, Google Chrome will show "Not secure" warning on websites having password fields on pages not protected by SSL. The solution is, of course, to migrate your forums to be served using HTTPS protocol. This is unfortunately not always possible, as switching to SSL requires all website resources to load under secure protocol as well, and for some websites, especially the ones having many images linked from other domains, this is quite hard to achieve. Storing linked images locally, as attachments is a good solution for some, but some others can't afford the database/disk space and the bandwidth used by so many hosted images.
This add-on makes it possible to avoid the warning by disabling password fields on non-protected pages and serving the login/register pages protected by SSL.
The add-on automatically removes the password fields on non-secure pages for XenForo default style only. If you are using a custom theme, it may fail to remove the fields. You can contact the theme provider or just edit the templates and remove login section from forum pages.
If you see SSL error on login pages, please follow the general instructions on making your site secure, checking the scripts/images loading on your login page. The product doesn't make the login page itself secure, it just ensures that login page is loaded under https protocol.
A commonly asked question regarding the add-on is why the link to login page itself is using http protocol, or why the links on the login page to other sections of the site use https protocol. The reason is that it wasn't technically possible to implement this functionality, but what we did is to ensure, that pages redirect to proper protocol version using 301 permanent redirects, which is confirmed by Search Engines to be the correct way to redirect pages to their canonical version. The SEO implications of this are unknown and you should use the add-on understanding this fact and at your own risk.
To install the add-on, extract the archive you can download here and upload the files and folders from "upload" folder to your forum's root directory. Install the product XML in Admin Panel.
The product has an option to set additional controllers, which are allowed to load under https protocol. Leave this option empty if you are not sure how to use it. It may be needed when you have a page, which should not redirect from SSL to non-SSL version (it can be a dynamic page serving some script, some image etc. which should be available under both protocols). You can contact the developer who implemented the page for instructions on which controller class is responsible for the page. Putting that class name in the option's field should solve the problem.