Website Not Secure

Discussion about this site, including these forums (eg, suggestions, comments, queries). Topics may be manually deleted occasionally (eg, after suggestions dealt with, or changes bedded in).

Website Not Secure

Postby South_Aussie_Hiker » Sun 22 Jul, 2018 8:55 am

For the last month or two, every time I login this site, my iPhone gives a red “website not secure” warning at the login page.

This occurs regardless of whether I’m connected via home NBN or 4g.

Once logged in, the earning disappears.

Has something changed with the security certificate of the website, or could this be related to iOS 11.3/11.4?
User avatar
South_Aussie_Hiker
Phyllocladus aspleniifolius
Phyllocladus aspleniifolius
 
Posts: 898
Joined: Tue 22 Feb, 2011 9:24 pm
Region: South Australia
Gender: Male

Re: Website Not Secure

Postby michael_p » Sun 22 Jul, 2018 4:46 pm

Most likely to be related to this change that has recently been implemented in Safari: https://www.digicert.com/blog/safari-wa ... re-logins/

In a nutshell. The site login is done over a standard http connection. What all browser makers have moved to is logins using https ,which is the type of secure connection that is used for online banking, etc.

Browser makers are moving towards all website using https connections for all pages not just logins. This is just the first stage of the process. Safari is about a year behind everyone else. The warnings only started this year some time AFAIK.

Should you be worried? Well that is up to you, I can't answer that question for you. Personally, I am not that bothered about this site only having a http login. There is little usable information about me in my profile so I see it as low risk. YMMV of course.

Cheers,
Michael.
One foot in front of the other.
User avatar
michael_p
Phyllocladus aspleniifolius
Phyllocladus aspleniifolius
 
Posts: 977
Joined: Sun 15 Nov, 2009 6:58 pm
Location: Macarthur Region of Sydney.
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby ribuck » Sun 22 Jul, 2018 4:55 pm

An http login can be easily intercepted by anyone on the same WiFi network.

So make sure you use a password here that is different from the passwords you use anywhere else.
User avatar
ribuck
Phyllocladus aspleniifolius
Phyllocladus aspleniifolius
 
Posts: 930
Joined: Wed 15 May, 2013 3:47 am
Region: Other Country
Gender: Male

Re: Website Not Secure

Postby north-north-west » Sun 22 Jul, 2018 4:59 pm

I've had this since a certain (can't remember which) update to Firefox.

No-one has hacked me yet. *fingers crossed*
"Mit der Dummheit kämpfen Götter selbst vergebens."
User avatar
north-north-west
Lagarostrobos franklinii
Lagarostrobos franklinii
 
Posts: 10910
Joined: Thu 14 May, 2009 7:36 pm
Location: The Asylum
ASSOCIATED ORGANISATIONS: Social Misfits Anonymous
Region: Tasmania

Re: Website Not Secure

Postby South_Aussie_Hiker » Sun 22 Jul, 2018 5:13 pm

Great. Thanks for the detailed explanation.
User avatar
South_Aussie_Hiker
Phyllocladus aspleniifolius
Phyllocladus aspleniifolius
 
Posts: 898
Joined: Tue 22 Feb, 2011 9:24 pm
Region: South Australia
Gender: Male

Re: Website Not Secure

Postby wildwalks » Mon 23 Jul, 2018 10:17 am

Yes -- that is right. I have not installed a SSH (https) certificate for the bushwalk.com.
This is something I should do. I am planning a fairly significant update later this year, I will include adding a SSL to part of that upgrade. A different password is good advice.

thanks

Matt :)
wildwalks
Magnus administratio
Magnus administratio
 
Posts: 779
Joined: Mon 22 Nov, 2010 4:35 pm
ASSOCIATED ORGANISATIONS: Wildwalks, Bushwalk.com & NPA NSW
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby FatCanyoner » Mon 23 Jul, 2018 5:16 pm

Matt, this is definitely worth resolving. I moved my blog over to https late last year after people started mentioning issues with this. Certain browsers really don't like http sites anymore. And depending on your security settings, some people will simply get blocked rather than getting a warning. This is only going to become more of an issue as https is further entrenched as the standard.

I'd recommend getting an SSL certificate through Let's Encrypt (https://letsencrypt.org), which is a free and effective service.

I'd also point out that, despite not being particularly technical, I managed to move both Fat Canyoners (https://fatcanyoners.org/) and the new Canyoning Australia forum (https://canyoning.org.au/forum/) over to https. Once you have the SSL certificate sorted you can simply put in place a redirect so everyone who comes to the site using an old http url (links from other sites, old search engine results, etc) is automatically redirected to the https version. People won't even notice the difference, and you'll not only provide greater security for forum users, but you'll avoid losing potential visitors.
The Fat Canyoners: trip reports, technical tips, gear reviews and more: http://fatcanyoners.org
User avatar
FatCanyoner
Phyllocladus aspleniifolius
Phyllocladus aspleniifolius
 
Posts: 753
Joined: Fri 12 Aug, 2011 7:45 pm
Location: Blue Mountains
Region: New South Wales
Gender: Male


Return to Forum & Site

Who is online

Users browsing this forum: No registered users and 1 guest