How to serve Login Pages with HTTPS?
Chrome and Mozilla started a few ago a new procedure that marks some pages that have information like credit card numbers or passwords as insecure.

https://www.wordfence.com/blog/2017/01/chrome-56-ssl-https-wordpress/

This will in essence make any pop-up login form useless when loaded in a non-secure https page, and considering that it is impossible in a social network to force every external source to load using HTTPS, this represents a big new challenge.

Some of my pages started to display an insecure tag this week and my users started to ask why this is happening. I remember that phpfox has a feature that allows certain pages with sensitive data like admincp, the login page and profile management to be loaded using https, so I would like to ask how we can implement something similar in SocialEngine?

I am trying to solve this using a rewrite rule, but have been unable to solve it until now.
    • 2
    Donna My host just changed my author site to https and it works fine. The only thing I've not done is the redirect for those that might come from the http. http://support.socialengine.com/php/customer/en/portal/articles/2036045-how-to-protect-your-site-using-ssl-and-https?b_id=14386 Please see if that tutorial helps.
    • 1
    Donna I'll have to update that tutorial. For enabling this, which I just did for my site, instead of /application folder, change the .htaccess in the main folder wherever you have SocialEngine installed such as public_html if you don't have it in a subfolder.
      • 1
      Sieg I was looking and it seems that to solve this we need to secure the following pages:

      www.domain.com - Only the homepage, since several users put a login widget in this area.
      www.domain.com/signup - This is one area where users use a password during registration
      www.domain.com/login - This is one area where users use a password while logging in
      www.domain.com/members - There are several profile areas like "change password" that start with "member".
      • 1
      Sieg Hello Donna. The tutorial helps in part, since even if you set the website to run completely in https there are some elements that can be non-secure.

      A simple example is a YouTube video embedded using TinyMCE. Usually YouTube runs in http. If you are running the installation in https, when you browse a page with an embedded YouTube video you will either receive a "mixed content" message that will not display the video or you will get a message of insecure page. If you are using a login popup in this page you will also receive an insecure password message.

      This is the reason why I started to think that securing only login pages is better than securing the whole website. The risk of displaying broken elements that will make users angry is not a good idea.
        • 1
        Donna Is that something that could be improved with a tutorial for your members to only use https from youtube? Is that something that needs improving on our end if users are using https but the embed is changing it to http?
          • 1
          Sieg I think that it is impossible to force all external links to use https. Not all websites are prepared to use https (AdSense, for example, enabled https in the last year), so I think that an auto https may not be a good idea. YouTube is an example of an embed code provider that uses http by default in their links, but probably there are others that do the same.

          To avoid the problem with Chrome and Mozilla warning users about insecurity (which can be a disaster considering that not all users will understand why this message appears) the key is to serve the pages where there is sensitive information like passwords and credit card numbers with https. I was studying and in theory if we serve these pages with https it will solve the problem:

          www.domain.com - Only the homepage, since several users put a login widget in this area.
          www.domain.com/signup - This is one area where users use a password during registration
          www.domain.com/login - This is one area where users use a password while logging in
          www.domain.com/members - There are several profile areas like "change password" that start with "member".
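
The two browser warnings discussed in this thread (the "Not secure" label on HTTP pages with password or card fields, and mixed content on HTTPS pages) can be checked for before a page goes live. The following is an added example, not part of the original posts or of SocialEngine: it is a simplified model of the browser checks, and `audit`, `PageAudit`, the tag tables and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Simplified model (assumption): http:// loads of these tags are blocked on an
# https page, while the second group is loaded but degrades the padlock.
BLOCKABLE = {"script": "src", "iframe": "src", "object": "data", "embed": "src"}
DISPLAYABLE = {"img": "src", "video": "src", "audio": "src", "source": "src"}

class PageAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.https = urlparse(page_url).scheme == "https"
        self.sensitive_fields = []  # password / card inputs found on the page
        self.blocked = []           # active mixed content
        self.warned = []            # passive mixed content

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        is_pw = a.get("type", "").lower() == "password"
        is_cc = a.get("autocomplete", "").lower().startswith("cc-")
        if tag == "input" and (is_pw or is_cc):
            self.sensitive_fields.append(a.get("name", "?"))
        # Mixed content only exists when the top-level page itself is https.
        for table, bucket in ((BLOCKABLE, self.blocked), (DISPLAYABLE, self.warned)):
            url = a.get(table.get(tag, ""), "")
            if self.https and url.lower().startswith("http://"):
                bucket.append(url)

def audit(page_url, html):
    """Return which of the two warnings a page would trigger."""
    p = PageAudit(page_url)
    p.feed(html)
    p.close()
    return {
        "not_secure_label": bool(p.sensitive_fields) and not p.https,
        "blocked": p.blocked,
        "warned": p.warned,
    }

# Constructed sample: a login popup next to a user-embedded video and an image.
SAMPLE = """<form action="/login" method="post">
<input type="email" name="email"><input type="password" name="password"></form>
<iframe src="http://www.youtube.com/embed/VIDEO_ID"></iframe>
<img src="http://cdn.example.com/banner.png">
<script src="https://www.domain.com/app.js"></script>"""

if __name__ == "__main__":
    for url in ("http://www.domain.com/", "https://www.domain.com/"):
        print(url, audit(url, SAMPLE))
```

Run against both schemes, the same markup triggers the password warning over HTTP and the blocked embed over HTTPS, which is the trade-off the thread is weighing.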