Sorry for bumping this thread, but the issue still persists.
Except now we cannot use HTTPS Everywhere as a crutch anymore as the extension was discontinued by Electronic Frontier Foundation (EFF), the original developers, and subsequently delisted from all browser extension stores. I know that some random people reuploaded HTTPS Everywhere to the Chrome Web Store, but I would rather trust the EFF than some stranger on the Internet with snooping around in my browser.
By patching the HTML code of the login form as shown at the bottom of the post (you can do that with your web browser's developer tools; though usually only on a PC) to have the login request be sent via HTTPS, I was able to solve that issue.
However, it is not a good remedy as the change only takes place inside my browser and does not take non-technical users into account (who should not have their cleartext passwords be transmitted over unencrypted HTTP, especially not if they are using a public unsecured Wi-Fi network, just because they have no clue about computers).
Since I am not familiar with the software stack of this forum, I currently do not know how to configure the forum to perform said change server-side, if it can be done at all.
SPECIFIC CHANGE:
before:
<form accept-charset="utf-8" method="post" action="http://lanaboards.com/login/" data-controller="core.global.core.login">
[/CODE]
after:
[CODE]
<form accept-charset="utf-8" method="post" action="https://lanaboards.com/login/" data-controller="core.global.core.login">
[/CODE]
