Just noticed that you can hit http://community.iotawatt.com/ and it does not forward the connection to to the https site. Chrome warned me that submitting my credentials was “unsecure”.
I’d like to bump this because I noticed it too. I hit the non ssl site and tried to login and it told me my account wasn’t valid. I’m conditioned to tune out the unsecure message because i’m constantly testing in development environments so it’s a normal occurence for me. I almost registered a new account before i realized what was going on and went to the ssl version.
While you’re at it, might as well add a HSTS header too.
HTTPS should now be forced. Report any issues.