User blog:TimmyQuivy/Opt-In Now Available for HTTPS on FANDOM

Late last year, we updated the community on our plans to migrate FANDOM to the HTTPS protocol. This is something many of you have wanted to see, just as we have, and a lot more work has been done to help make this happen!

Since our last update, we’ve continued making changes to our codebase to make switching to HTTPS as simple as possible. To kick off the migration, in early February we enabled a preference that allowed FANDOM Staff members to opt-in to having pages served over HTTPS for a number of randomly-chosen communities. After fixing a few bugs and doing some extra future-proofing — making sure images imported through custom JavaScript use the HTTPS protocol, for example — we extended the use of HTTPS to include all communities covered by our SSL certificate with our current URL structure.

If that sounds confusing, don’t worry! I'll explain further into the blog.

Beginning today, April 26th, we’re excited to offer this same preference to you, our global community members, as a beta test. You can opt-in to this test by going to the Under the Hood tab in Special:Preferences. Once there, look for the option toward the bottom to select “Use HTTPS while logged in” and then click Save.

Reporting Bugs
You shouldn’t notice any changes after you enable the preference. Our goal with this process is to make sure the page loads exactly the same with HTTPS as it would with HTTP. If something looks or behaves differently, it's almost certainly a bug that should be reported to us. The culprit of any bugs will probably be a result of a wiki’s customizations or your own personal JS or CSS. Check your error console or add ?usesitejs&useuserjs=0 to the URL to test, and make any JavaScript or CSS imports use the  versus   syntax. If you need any help with that, please let us know and we can walk you through it in more detail.

Remember how I said the communities with HTTPS are ones covered by our SSL certificate under the current URL structure? What that means is that we have a certificate for  that allows us to serve HTTPs on wikis with a single subdomain, like naruto.wikia.com, but not multiple subdomains. When you enable this preference, pages will be loaded over HTTPS on all English wikis such as  and any special non-English wikis that have a single subdomain, like.

Conversely, wikis with multiple subdomains, such as  will not have HTTPS enabled regardless of your preferences, but will be served still in HTTP. Wikis being served in HTTP are not at an extra security risk as all sensitive functions on a wiki - such as logging in with your username and password - are already loaded through HTTPS.

If you see a bug not explained by the situations described above, please send in a bug ticket. If a bug prevents you from doing your wiki work, you can easily turn off the preference until the matter is fixed.

Next Steps
Nothing is set in stone for what comes next with this process, but there are three important developments we can look forward to:


 * Wiki opt-in. If this test goes as well as we anticipate, we’ll begin to switch wikis as a whole over to HTTPS, meaning users would have their pages served in HTTPS regardless of whether they have opted into the preference or not. We will seek volunteer communities to test this on first and will tell communities when this happens so all users are properly informed.
 * Full global release. The ultimate goal is to have HTTPS be the default for all users and visitors, without a preference. This won’t happen until every wiki falls under the SSL certificate, meaning…
 * URL changes. As we alluded to in the initial announcement, URL changes are likely. There are no final decisions yet, but ultimately to move forward we will have to change the structure for non-English wikis. Whatever URL changes occur, you will be well-informed ahead of time and any old URLs will redirect. Due to a number of reasons, this final changeover is not likely until early 2019.

Be sure to opt-in to HTTPS and then let us know if you see anything that needs to be fixed!