Drupal Encrypt, new and better version
Are you running a Drupal website without an SSL certificate? If you're not into eCommerce and don't run a website with a webshop, forums or anything else that requires or offers login for users, then you're (mostly) fine. If, however, your website offers or uses login services, you should think about minimum safety and security. Not least for your users, but of course personal (admin) safety is equally important.
An SSL certificate for a simple homepage might seem over the top, and it can also cost quite a bit. But there are alternatives that can at least make things better. One of these alternatives is
Encrypt, just got better
This module offers different encryption methods without an SSL certificate. I've used it for over a year now and it does the job.
On June 5th 2015 a new version came out. A warning made it clear that upgrading from a previous version might cause SNAFU to your install. Whenever such warnings show up, they should not be taken too lightly. My recommendation is that you always take a complete backup prior to upgrading. That means of the database and the Drupal structure. It will make life so much easier for you if something goes wrong. In a worst-case scenario you can have your site up and running within minutes if you have to take a step back.
In my case the upgrade went smoothly, and that's more the norm than the exception, thankfully.
Overview of functions
Going to /config/system/encrypt you get to the default view
The default can be modified to your preferred setup, but you can also add your own configurations, as many as you like. Clicking edit you come to
To the left it shows the encryption method settings and the key provider settings. Clicking encryption method settings you get to the overview below
This is where you configure the encryption method. In this example AES 256 encryption is selected, but you may like to try the other methods. If you have no idea what's best, do a little research first.
NB/Please note! When you test or configure encryption methods that will ultimately affect login, also for you as admin, make sure that a) you have a full backup of your site and database, and b) you are, for instance, logged in with two separate sessions/browsers. The latter ensures that, if you accidentally delete your cache, you can change whatever went wrong without having to battle with a login that for some inexplicable reason stopped working.
I speak from experience: something happened when I first set it up and login would not work. Experienced Drupal users can of course use other ways to disable the encryption altogether, but you save more time by taking the necessary precautions above.
Finally, the last configuration page, the key provider settings
This is where you define the settings for your key file. Expanding the Additional Key provider settings view, you add the path to the key file. Typically the key file should be stored in a folder at root level or outside of your public html area. NEVER store key files in a directory accessible under public html.
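A quick way to audit that rule, as an added example that is not part of the original post or of the Encrypt module: the function below checks that a key file resolves to a location outside the web root and is readable only by its owner. It assumes the key file is owned by the account PHP runs as; both paths are supplied by the caller.

```shell
#!/bin/sh
# Added example: audit where an encryption key file is stored.
# Paths are supplied by the caller; this is not Drupal or Encrypt module code.

# Print the physical path of a file (symlinked parent directories resolved).
resolve_path() {
    dir=$(dirname -- "$1")
    base=$(basename -- "$1")
    ( cd -- "$dir" 2>/dev/null && printf '%s/%s\n' "$(pwd -P)" "$base" )
}

# check_key_file KEYFILE DOCROOT
# Returns 0 = ok, 1 = missing/unusable, 2 = inside web root, 3 = permissions too open.
check_key_file() {
    key=$1
    docroot=$2
    # Reject symlinks: the link could sit outside the web root but point into it.
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL: $key is missing, a symlink, or not a regular file"
        return 1
    fi
    real_key=$(resolve_path "$key") || return 1
    real_root=$(cd -- "$docroot" 2>/dev/null && pwd -P) || {
        echo "FAIL: web root $docroot does not exist"
        return 1
    }
    # Compare resolved paths so ../ segments and symlinked directories are caught.
    case "$real_key" in
        "$real_root"/*)
            echo "FAIL: $real_key is under the web root $real_root"
            return 2 ;;
    esac
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible to group/other; use chmod 600 (or 400)"
        return 3
    fi
    echo "OK: $real_key is outside $real_root and private to its owner"
    return 0
}

# Stand-alone use: sh check_key.sh /path/to/keyfile /path/to/public_html
if [ "$#" -eq 2 ]; then
    check_key_file "$1" "$2"
fi
```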
That's it really. Ah yes, right, a couple of things:
- When I set this up a long time ago I did come across some issues with iOS-based devices. There was a fix for this, but to be on the safe side, when or if you install the new Encrypt version, make sure that you test logging in from a mobile or tablet.
- If you choose AES256 encryption with a key file, login might take a few seconds. It does seem the new Encrypt version handles things a little bit faster, but other variables might come into play, such as your browser and web server. It is (of course) slower to use this method than an SSL certificate, but it is after all a free solution. I think it works great!
Help files are provided within the module.