My site shows up as not secure


(Paul Bax) #1

My site: www.baxunlimited.com shows as not secured. Do I need to correct something in the settings? I use oak tree for hosting.


(LJ) #2

You need to:

  1. get an SSL certificate
  2. add a little code to the .htaccess file to ensure http always redirects to https
  3. Make sure you publish your sites web address as https and not http

I don’t know Oak Tree but see if they offer a free SSL service such as ‘Lets Encrypt’ This is all you need unless you sell online and want to offer customers compensation in the event if online fraud / loss.


(LJ) #3

Can I offer some more advice? You appear to be using a responsive theme with non responsive elements in it. So the three columns on the home page are too wide on mobile and go off-screen.


(Paul Bax) #4

THANK YOU very much for the advice.


(Rocco) #5

I’m having the same issue with my site. weddingphotoct.com I have an SSL certificate. I use JustHost. The tech person couldn’t help me. They said to check with the web building software (Rapidweaver obviously) What’s the “little code” that I need to add to the .htaccess file? And where would I place it? Thanks in advance!


(Don H) #6

Have a look at Doug’s post in this thread.

That code will redirect your site to SSL. That will eliminate the “not secure” warning. That’s pretty standard code and has nothing to do with RW. Your host should be able to help you with that, if you have issues.

In order to actually see a secure padlock in the web browser, you’ll also need to make some changes in your RW project and republish. The link below shows mixed-content that is preventing the padlock icon from being shown. Most likely you’ll just need to change your “Web Address” in general settings to: https://weddingphotoct.com. You may also need to make to make the same change to “Website Address” in your publishing settings.

The link below
https://www.whynopadlock.com/results/4a734dfb-1da4-4d38-a1d9-290d2e71f5b3


(Rocco) #7

Don, thank you for the help! Couple questions. 1. Where would I place that code (RewriteEngine On RewriteCond…)? Is that code something I could place in Rapidweaver? Settings/Code/Head or Prefix or Body? 2. Where is the correct location for a .htaccess file?


(Doug Bennett) #8

That goes into the htaccess file. In RapidWeaver 8 in publishing settings, at the bottom is an edit htaccess button( I think that’s what it’s called not at a Mac now).
You can also use any ftp client to upload it to the root level of the site. It has to be PLAIN text, and called .htaccess .

Fix the mixed content first. Especially if it’s active content or it can break the site. Once you’re using https all active content has to be https.


Forcing the use of https
(Rocco) #9

Thanks Doug much appreciated!
I have Rapidweaver 7.
I opened and looked at my .htacess file on my web server here is the code:

BEGIN WordPress

RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # END WordPress

I’m (obviously) not using wordpress so should I delete all that code and replace with:

Or should I add this code below the existing (wordpress) code?
And yes, I will change any active content to https before I do this.

Thanks again!


(Don H) #10

If you aren’t using WordPress, then you can replace the existing code with the above code form Doug’s post.

If you want to be conservative, you can put a “#” character (no quotes) at the start of each of those wordpress rules. The # turns them into comments and they will not run. Then put the code Doug gave you above or below them.


(Bob Latterman) #11

I use Bluehost and they give you a free SSL certificate … all I had to do is specify https://www.(my site)… in the General tab of RW8… worked for me…


(Paul Bax) #12

I will contact LittleOak and see what they say.

Paul Bax


(Paul Bax) #13

I have my SSL - no trying to figure out where to put it…screenshot anyone?


(Neil Egginton) #14

The SSL will need installing on your host. Is it a free one?

Maybe it’s already installed if you got through your host.