I just want to add that in our present reality, in which digital gangsters become more and more of a threat to all website creators and all website users, it is a natural and very welcomed trend among browser creators to implement a slew of security measures. This trend will only add tighter security measures with time. So, at some point, your unsecured website may become completely unreachable in some/all browsers.
So, you should definitely get a SSL/TLS certificate (for example, from Let’s Encrypt), as the first step to make your site hacker-proof. Next, you should implement a series of security and integrity rules in your .htaccess file.
100% agree with Scott and Rob. You need to deal with this, and fortunately pretty easy and free these days. Any decent host will offer free basic SSL certificates - if yours doesn’t, find one that does. Your host should also install it for you.
Once done you should ‘force’ https in your htaccess file to make sure all versions of your website (www, non www, http and https all resolve to the secure version. If you need any help just shout.
@TomM Sorry but that’s a head in the sand attitude. If you have a website, very soon it’ll show on all browsers as insecure and scare visitors away. There are many posts on here about HTTPS, most ISP’s offer HTTPS for free and some even offer a simple checkbox to implement it (I use one.com, HTTPS is free and a checkbox on the Control Panel to turn it on). You’ll also need an HTACCESS file, again many posts on here on how to do it. I’m a latecomer to website production ( I’m now an OAP!) and run 12 sites for various church and charity organisations. Yes, it was a bit difficult to understand at first but there is more than enough info on here and the web to help you.
Not head in the sand just hard to understand esoteric information.
So I emailed my host ( GlobalHost) about a SSL certificate. They wrote back to offer an SSL certificate for $100 a year. A few minutes later another person wrote to say that they have installed a certificate for free from Let’s Encrypt.
So I guess that part is done although I have not seen or uploaded a certificate file.
I don’t see a .htaccess file or C panel on the sever.
But I have found this code if I can figure out where to put it.
Okay, let’s take things a step at a time. The first thing to do is verify that your website will now load if you go to https:// instead of http://. If so, then you know that the SSL certificate is installed correctly.
The next thing to do would be to make sure that when it loads, you see the padlock icon in the browser address bar. If not, post back here and we’ll offer more specific advice on this part.
After those are checked and good, then you should change your website address in RW to be https:// and republish all files.
The final step will be to force all users to the SSL version. We can get to that once the above is done.
If you want to post a link to your website, we’ll be able to help you check things with you and offer better help.
Don’t get discouraged. If you get stuck at any steps, just post back here. There are plenty of users who will help guide you in the right direction.
It shouldn’t. If you feel more comfortable, you can wait and re-publish later tonight.
Once that’s done, you’ll just need to add redirect commands to htaccess, so that anyone who goes to http:// gets redirected to https://@teefers as posted a lot of useful information on redirecting to SSL. Here’s one of his posts with code that should work for you. You’ll need to past that code into an .htaccess file. This can be done in your hosting control panel or through RW. I always use my host’s control panel.
It does not appear to redirect. If you go to the plain http:// link, you end up at the site with the not secure warning. Below is the non-ssl link. It should redirect you to the ssl version and it does not. You could ask their support to look into that.
You probably need to make a change to the code that imports the weather. Anything loaded on a https site should be loaded via https. Check the code that loads the scripts. You probably just need to change http:// to https:/.
If you don’t find the code, let us know what page it’s on, and I’ll take a look.
You are correct but I decided to just delete the page.
I would have undertaken this security install before now, had I known that the hosting provider would basically do it for me.
Thank you for the guidance.
My company gave me a discounted SSL certificate for the first year, but they hit me up for a $40 set up fee, as well as a $50 per year fee afterwards. Who gives free certificates? I’m only paying $50/year to have them host two websites. Does this pricing sound reasonable? Thanks!
This seems unreasonable to me. My host is $30 per year, very good service, free SSL certificate, free set up fee, etc. Nor is my hosting company unique in that way. Unfortunately the company I use is for academic institutions and academics only. But others can surely chime in here on their recommendations.