https-encrypted-browsing [ Wiki]

JFH >> HTTPS Encrypted Browsing

What is HTTPS? This means all traffic between your browser and the server will be encrypted and cannot be monitored by a 3rd party. While this is not so important for browsing from your home internet connection, it is essential to be secure if you are using public wifi or a similar public internet connection.

You will know if you are using HTTPS by looking at your address bar. If it says https:// and there is a green lock icon or similar, then you are browsing with full encryption.

Jcink Forum Hosting now offers HTTPS for you & and your forum users.

Status of HTTPS

  • HTTPS became is available and active *, and our main site *
  • It is not available for * or custom domain names. – please don't purchase any SSL certificates!


HTTPS is faster, and far more secure overall, even if you are not storing personal details on your forums. Everything is that much more secure for everyone when HTTPS is being used at all times.

The second, more pressing answer to this is: HTTP is going to be phased out. As site owner, you will eventually *need* to switch to HTTPS. In January 2017, Google Chrome began marking non-HTTPS sites with login forms as "Not Secure" in the address bar. This is the first phase of depreciating HTTP.

Not Secure warning due to non-https)

The only way to avoid this “not secure” notice presently, is to switch to HTTPS. For now, it is a fairly soft notice, but in the future it will be red. Google's overall goal is to eventually mark all HTTP websites as unsafe.

As a response to this, we have enabled the HTTPS option for free, for everyone, across * - and our main site. Full switch to HTTPS is one of our long-term goals.

Making your forum HTTPS ready

The transition to HTTPS presents some challenges. To utilize HTTPS without your forum breaking, you may need to check your Board Wrappers and CSS to ensure that they are compatible. There's a good chance that your board is not going to look correctly over HTTPS until you do make some changes.

Any embedded external JavaScript, Chat Boxes, fonts, or images within CSS will need to be switched to https. This is because HTTPS does not permit embedded content over regular HTTP.

As an example, here is our logo. If the following URL is embedded in CSS:

The image will refuse to display. There are two options here.

Remember, if the server you are trying to link this image from does not support https, this will not work.

In the future, we will have tools to help assist you with some of these changes, but would urge you to try converting your skins and templates at your convenience now to be sure they are as HTTPS-compatible as possible. Remember: you can always link https resources over http with no side effects, but not the other way around.

Converting Skins / Themes to be HTTPS Ready

In some cases, you may find that a skin or theme you're using looks “broken” or is missing content. This may include elements as simple as a background image. In worse cases, features are missing or not working anymore, due to failure to load required sccripts. The following is not a complete guide, but will help to generally fix most of these problems.

To fix *most* HTTPS incompatability issues with themes:

1. Admin CP → Skins & Templates → Manage Skin Sets → Edit Board Wrappers of the skin/theme

Within the board wrappers, use the CTRL + F feature to find and replace all references from http:// to https:// for all embedded content. You can also do this job quicker by copying and pasting the wrappers into an application like notepad and using the find/replace text option. This needs to be done for alls <font> and <script> tags most importantly.

Importantly, note any references to anywhere. These must be changed to, since does not support https.

2. Admin CP → Skins & Templates > Manage Skin Sets → Edit Stylesheet of the skin/theme

Within the board wrappers, use the CTRL + F feature to find and replace all references from http:// to https:// for all content within elements of the css. Background-image:url() and @font-face attributes all need to be switched to https.

Importantly, note any references to anywhere. These must be changed to, since does not support https.

User-posted Content

What About non-HTTPS user posted contents? Such as: signatures, avatars, graphics, etc.

Presently, non-https images inserted using the [img] tag in posts will display over http. This could be subject to change in browsers over the future. For now, you should not worry about this. However, some users who have HTML enabled on their board allow users to utilize CSS. Their images will need to be uploaded to HTTPS-friendly image hosts. Fortunately, as a result of the push to HTTPS, most image hosts are providing https hosted images by default. We recommend using those who do, and contacting the image hosts who don't to let them know about the need for HTTPS, if you use them.

Access boards over HTTPS

You can utilize the * subdomain to access your board over HTTPS. If you presently use *, you can substitute [yourname] and reach the same board.

  • https://[yourname]

Access Admin CP over HTTPS

You can visit your * URL with /admin.php on the end to have a fully encrypted Admin CP experience.

  • https://[yourname]

3rd Party Image Hosting

Your JFH Filemanager via Admin CP supports hosting of any images you may need for your board. This allows you to serve all of your images and other media necessary for your forum over HTTPS. In some cases, however, members may need to use external image hosts. While HTTP images are allowed by browsers in posts at this time as mentioned earlier, this may change in the future. The following is a confirmed list of https-supported 3rd party image hosting for your convenience.

Legacy b1 subdomains

Our legacy subdomains, *, does not presently support HTTPS and at this time because of the double-subdomain it is not possible for us to implement. If you are using * please migrate to *, all boards on * can be accessed over *

https-encrypted-browsing.txt · Last modified: 2020/09/11 17:03 by jcink