'Not Secure' warning
My client just noticed a 'Not Secure' message while logging on. (See attached image.)
Is this new? Something I need to worry about? Can it be fixed?
John
Thanks. Thought that was the case.
Am I safe in assuming C5 hashes the PW so there is little danger of the site being hacked?
I think the issue is that the password will be transmitted unencrypted from client to server, so it could be intercepted before c5 gets a chance to do anything with it.
This is one of the reasons why I went to a new host that offers the http://letsencrypt.org/ certs.
yup.
Just so I understand, if I add the free cert recommended above, the login will become 'https' and the PW will be secure. Is that right?
Will this affect the rest of the site? Will all URLs become 'https' -- even previously bookmarked links?
Sorry if these are stupid questions, but I am clueless when it comes to certificates.
Have a look on here for your host: https://community.letsencrypt.org/t/web-hosting-who-support-lets-enc...
That isn't an absolute list, so if you can't find your host you would have to ask them if they support the Let's Encrypt certs.
I know 1and1 just will not, as they want you to buy their certs, for instance.
When I did it on my host krystal.co.uk, which is a supporter, I logged into cPanel, clicked on the Let's Encrypt link and issued a certificate to whatever domain I wanted.
Then to force traffic to the https site I put this at the top of my .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Just a side note: I developed a concrete5 package that uses the Let's Encrypt services to create https certificates ;)
The only way to get rid of the message would be to add an SSL to the site.