We are transitioning over to a new forum platform. Please post new issues there. Existing threads will be dealt with here unless you choose to move them over. Visit the new forum

Forum

Thread tagged as: Configuration, Hosting

Clients asking about 'Website Not Secure' warning appearing in address bar on Sa...

This might be a server side query but I've had a couple of clients mention the worryingly prominent 'Website Not Secure' warning in Safari when they're logging in to their backend. Can anyone point me in the right direction of how to tackle this issue?

Emily Taylor

Emily Taylor 0 points

  • 2 years ago
Drew McLellan

Drew McLellan 2638 points
Perch Support

You'll need to add a certificate and serve your site over HTTPS. Your host should be able to help.

Andy,

I know this is old but if I was you I would consider utilizing cloudflare. You can get a free shared SSL certificate that utilizes http/2 which is much faster than some hosting companies that have an SSL certificate that you have to pay for annually. Cloudflare is meant to be a content delivery network which is ancillary for me but it is important for the speed of your site as well.

If your host is any good, they will have a LetsEncrypt system in place. We recently switched ALL our customers' hosted sites to https with this. No cost, except for the work required on sites to ensure all the pages and images really are secure and not mixed content.

I think its around June that a Chrome update will come out where they will flag ALL http sites as not secure. I expect other browsers will follow. At the moment, browsers are only flagging pages as not secure if there's a form on them (like the Perch login page on your site). So, bottom line is that your customers sites need to be served over https within the next few months.

Interesting Graham. I had never heard of them before. Here is a guide if you use Hostgator anyone https://thedavidweb.com/install-lets-encrypt-free-ssl-hostgator/

Graham you might also want to check out Cloudflare as well. What I've noticed is most hosting companies have yet to switch to http/2 so that makes the SSL certificates slow down your sites load time and sometimes significantly. You also then get the benefit of a CDN on top of it.

Thanks Matt

Our LetsEncrypt setup is now completely automated. New sites are added in a few seconds and the certificates are renewed automatically every 3 months. We have around 200 websites now switched to https for free for our customers.

I did try Cloudflare for a while (its free with my hosting - Clook/Sub6) but for most accounts it was more trouble than it was worth. We had several outages and it was a pain switching on/off the system into 'dev' mode each time we made media or stylesheet changes for customers. We weighed up the pros/cons and then stopped the Cloudflare service for all but a few accounts. I believe we can switch to http/2 and it will be the next thing we do for our hosted customers I expect. That's after I've stopped being a 'GDPR consultant' several times a day for the customers (LOL).