Force HTTPS
I really like Userecho but when I went to reset my password and try signing up for a free forum to test it out I noticed that my settings page was over HTTP, as was everything I was trying to do on the site.
Userecho really needs to set user cookies as secure only and put login forms on HTTPS pages
+1, especially now when browsers begin to warn when http is used.
Chrome: https://venturebeat.com/2017/01/26/chrome-56-arrives-with-warning-for-http-password-and-credit-card-webpages-faster-page-reloading/
Firefox: https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/
I know that UserEcho supports https, but doesn't use it by default. Many websites redirect to https, please do the same.