Am 06.03.2018 um 16:19 schrieb Timoses:

Might there be a problem with not using https for the site in regard to the GDPR (May 2018!).

Since there's data stored (username, e-mail, password) and transmitted unencrypted?!

Not sure about what actually applies, since this is non-commercial, but
I've switched to HTTPS-only now to get a feeling for the performance and
stability/connectivity implications.

Storing the login related data should hopefully still be allowed without
explicit consent of the user, even if the commercial rules apply, since
they are required for the basic operation of the site. We may still
require a proper privacy statement, though...