backface / turtlestitch

visual, blocks-based programming for turtle graphics and generative embroidery
http://www.turtlestitch.org
GNU Affero General Public License v3.0

Secure logins #55

Closed echarrod closed 5 years ago

echarrod commented 5 years ago

When I log into the site, my username and password are transmitted in plaintext, non-securely.

The site should either:

  1. Obtain an HTTPS certificate so that passwords can't be intercepted
  2. Encrypt the passwords on the client side before being transmitted.

The first would be a much better solution, and it will also harm user trust and search rankings if this is not fixed. The second would be a possible alternative, and even an added bonus if no. 1 is also implemented.


backface commented 5 years ago

Thanks for the pointer. It seems you used turtlestitch.org via HTTP and not via HTTPS, which is also available.

I finally recognize, however, that it might not be a good idea to leave this choice up to the user, and the site is redirecting/forcing use of HTTPS now.

In addition, I changed the login request to be sent via POST so it also does not show up in our server logs anymore.