With increased attacks on servers, I feel like MFGG should be secured with SSL (especially protects the users from getting their password stolen by hackers). I have already noticed several fan communities that started to use SSL. What do you think? Should MFGG include SSL on all of the sites?

Yes. Using SSL/TLS is good for security, and it also helps boost your site's SEO rank. Also, many modern browsers are beginning to display ominous warnings against using sites that aren't encrypted, which could scare off some new users.

Yes

MFGG is a VPS, I could connect to it via the terminal and run Let's Encrypt, but I'd rather that be run by Retriever II first.

Yeah

Yes, this needs to be done.

SSL is now enabled for the site and forums. The site is still being flagged insecure by Chrome because it's including non-HTTPS resources.

You're the man RII! Is there a way to change perm URL into https on the main site since everything can be loaded via https? For instance: [spoiler][simg w=240 h=426]https://i.imgur.com/BtD2W06.jpg[/simg][/spoiler] Or that's gonna break the main site software itself. It's not a big deal as long as other contents are secure.

It seems like the main site didn't like this change. [img]http://i.imgur.com/WSthlze.png[/img] Changing "https" to "http" in the URL fixes the issue :V

It would be recommended if using URL shortener to fix that issue: https://goo.gl/ Or modify some PHP coding/Apache rewrite (.htaccess) coding to fix that.

[quote="Hypernova"]It would be recommended if using URL shortener to fix that issue: https://goo.gl/[/quote]What do you mean? That's what I get when I try to download a submission.

I get the issue showing up on my end as well. Perhaps leave the main site unsecured and make changes to the coding on a test subdomain/add on domain to resolve it first and test it. If everything works, apply that changes to the main site (also backups just in case something went bad).

This is mostly fixed now (needed to update the base URL in config.php, and fix the google ad URLs). The last thing that's kind of breaking the main page is all the staff icon URLs. Some of them aren't even hosted locally. The other thing is icons in the news updates. Those update blocks are stored in the database as compiled HTML, so the old links are baked in. Adding some string replace around displaying the news blocks would let you fix the URLs before sending them to the client.

Speaking of offsite links, between avatars and signatures, you'll never get a green padlock viewing topics on the forum.