Hello All,
I was wondering if there were any considerations on switching the site over to support SSL? I know a big barrier for a large number of sites in the past was the cost of an SSL certificate, but now with the pending public release of Let's Encrypt ([url]https://letsencrypt.org/[/url]), I was wondering if this was going to be reconsidered.
I know SSL isn't generally a large concern for a wallpaper sharing site, but by having a non-SSL authentication page, the login credentials of your users are going over a plaintext format, which would be readable by any middle-man to the connection. This sort of situation is highly common in most work environments (although I feel most people probably shouldn't be on this site while working) and in many large apartment complex's.
Given the prevalence of password reuse (aka, the password for wallhaven also being their password for some other site), this could lead to people having their wallhaven or other accounts being accessed from an unauthorized party.
In a perfect world, everyone should use unique passwords for every site, which would then make this mostly a non-issue (because, let's be honest, in the grand scheme of things people accessing your favourite wallpapers isn't the end of the world). However, this is not a perfect world, and it has been shown through analysis of the many DB dumps out there that people do reuse passwords for multiple sites.
As such, I was wondering if the idea of an SSL cert for the site was being reconsidered due to the pending release of Let's Encrypt. If, as developers/admins, you decide that this is an acceptable risk, then I understand.
Thank you for your time, ~Lurker