: Should every page on every site be behind SSL? This question stemmed from a discussion here: Ad networks that will serve via HTTPS? My question to the OP was "is it necessary to have every

Posted in: #Https

This question stemmed from a discussion here: Ad networks that will serve via HTTPS?

My question to the OP was "is it necessary to have every page behind SSL?" Admittedly at the time of posting this question, the OP hadn't got back to me to let me know what kind of site he had, was everything behind a login etc etc

I agree that if everything was behind a login then yes, it should also be protected by an SSL certificate, but if (for example) the site was a wordpress blog, would it be necessary for the parts of the site that were just going to be viewed by your average user (i.e. one that's not logged in) to be accessed over HTTPS. Admittedly, if you were logged in and viewing the "front-end" of the site, it would send over your cookie, but as long as you took precautions against that then it should be ok, right?

10.01% popularity Vote Up Vote Down

: My suggestion would be don't give them access to the production server, just to a dev/staging version.

@Carla537

0 Comments

: Can you not use AdSense but filter it so it only shows links to sites about books?

@Carla537

0 Comments

: YouTube does have an SSL. Try going to https://www.youtube.com Just get the embed code and then change all http:// to https:// Basically, they have an SSL certificate set up.

@Carla537

0 Comments

: Is it really worth submitting to DMOZ anymore? This question stems from here. This guy sounds like he's getting a bit annoyed with DMOZ, but I was wondering if it's even worth submitting there

@Carla537

Posted in: #Bing #Dmoz #Seo

4 Comments

Login to post a comment!

1 Comments

Sorted by latest first Latest Oldest Best

@Angela700

If you took precautions to never visit the non-SSL areas of a site while logged in, and if there was a logout process that properly deleted the authenticating session cookie, then it should be fine. Of course, the more admin-level users you have, the greater the chance that this will never happen.

A more ideal way to do this, for the Wordpress example: move (not copy) /wp-admin to a different domain under HTTPS. That way, you won't have to worry about logging out to make sure your new post got published okay, because cookies are per domain. A cookie for admin.mysite.tld won't be in the request headers for mysite.tld, so there's nothing unencrypted to be sniffed and hijacked.

(Granted, if it's a single-author/admin Wordpress site, just tunneling through a VPN when accessing it over a wi-fi hotspot would have the same effect, without the mess of tweaking WP to work across two domains.)

10% popularity Vote Up Vote Down

Feed

: Should every page on every site be behind SSL? This question stemmed from a discussion here: Ad networks that will serve via HTTPS? My question to the OP was "is it necessary to have every

More posts by @Carla537

: My suggestion would be don't give them access to the production server, just to a dev/staging version.

: Can you not use AdSense but filter it so it only shows links to sites about books?

: YouTube does have an SSL. Try going to https://www.youtube.com Just get the embed code and then change all http:// to https:// Basically, they have an SSL certificate set up.

: Is it really worth submitting to DMOZ anymore? This question stems from here. This guy sounds like he's getting a bit annoyed with DMOZ, but I was wondering if it's even worth submitting there

Login to post a comment!

1 Comments

Back to top | Use Dark Theme