SSL login
m0°ntan
Tue, Mar 28, 2017 @ 4:31 AM
Sorry if this happens to be a redundant topic but I couldn’t find any forum search to verify no-one had asked this question before.
Have you considered implementing secure logins, using Let's Encrypt certificates for example? It helps lose the uncanny feeling one gets when logging on without https :-)
zczero
Fri, Oct 27, 2017 @ 2:37 AM
Yeah, it’s a good idea but the costs are unknown how much this will cost in both time and money. I’ll keep you posted if I find out more.
Quote: zczero
Yeah, it’s a good idea but the costs are unknown how much this will cost in both time and money. I’ll keep you posted if I find out more.
This is not about being a good idea. If you value your users' security you will implement this as soon as possible. I personally will not log in with my account until you sort it out. It’s absolutely ridiculous that there is no SSL certificate on login. This means a plain text password is transmitted over the internet where people can intercept it and harvest passwords. Are you aware how bad this is? Let's Encrypt costs you nothing. At the very least, create a login page with SSL on it, as in: you click ‘login’, it goes to a login page with SSL, and you log in. What language is your site written in?
Quote: zczero
Yeah, it’s a good idea but the costs are unknown how much this will cost in both time and money. I’ll keep you posted if I find out more.
That’s a very 1995 stance toward security. In fact there are several poor security practices on the site, like password limits. In 2021, you shouldn’t have any password restrictions on passwords except limiting the input to 100 or 200 characters and checking against compromised password lists. If you have been breached, would you even know? You’re just opening yourself up for a lawsuit. Setting up TLS (https://) literally takes 10 minutes. Even if you’re proxying through a load balancer.
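The password policy described in the post above (no composition rules, a 200-character input cap, a compromised-list check), as an added example that is not part of the thread or the site's code. The function names, reason strings and the four-entry sample list are constructed assumptions; SHA-1 is used here only as a lookup key for the list, not for storing user passwords.

```python
import hashlib
import unicodedata

MAX_LEN = 200  # upper bound taken from the post ("100 or 200 characters")

# Constructed sample of a compromised-password list, held as SHA-1 digests
# so the lookup set itself never contains plain-text passwords.
_SAMPLE_BREACHED = ["password", "123456", "qwerty", "letmein"]
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest() for p in _SAMPLE_BREACHED
}


def normalize(password: str) -> str:
    """NFKC-normalize so visually identical input hashes to the same value."""
    return unicodedata.normalize("NFKC", password)


def check_password(password: str, breached=BREACHED_SHA1, max_len=MAX_LEN):
    """Return (accepted, reason). Any characters are allowed; no complexity rules."""
    if not password:
        return False, "empty"
    # Enforce the cap before hashing so oversized input cannot burn CPU.
    if len(password) > max_len:
        return False, "too_long"
    digest = hashlib.sha1(normalize(password).encode("utf-8")).hexdigest()
    if digest in breached:
        return False, "compromised"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["password", "a" * 201, "correct horse battery staple"]:
        print(repr(candidate[:30]), check_password(candidate))
```
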