Using Pulse CMS, I've got a warning when trying to login, help please


(Gabrielle Vickery) #1

Can someone explain what I should do in this case? I’ve just tried logging into the backend of a site I haven’t gone into in ages, using PulseCMS, but at the password page there is a message saying ‘this connection is not secure. Logins entered here can be compromised’.

I’m a little worried that the the fix will be really complicated!


(scott williams) #2

Is it just because it’s not an https page? Which browser?


(Gabrielle Vickery) #3

I’ve never set up https pages before so I don’t know how. Is it browser specific? I was logging in using Firefox 52.0.


(Jannis from inStacks Software) #4

Can you make a screenshot of that error message?

Was either Pulse CMS or PHP updated to a never version?


(Jochen Abitz) #5

You found the reason why I wrote this blog post about SSL integration:


(Jannis from inStacks Software) #6

That’s not the matter here. The question is why that’s happening now, but not “ages” ago.

If it is a browser message, I guess an updated browser version is now displaying that.


(Jochen Abitz) #7

Yes, next browser generations are displaying this message (Chrome, Firefox) on non-SSL sites forms.


(Gary) #8

@jochenabitz They are not displaying it on my non HTTPS PulseCMS forms in Chrome, so I don’t think this is a HTTPS issue.

Edit: Doesn’t display the error on Firefox either.

@Gabrielle Have you contacted the developer of PulseCMS at Yuzool? That would be your first port of call. There are 1000’s of installations of PulseCMS and if HTTPS really was the issue, it would have been addressed. Also no point thinking “I’m a little worried that the the fix will be really complicated!” before you know what the issue is and contacting the developer.


(Jochen Abitz) #9

(Jannis from inStacks Software) #10

Maybe this is a special setting inside the browser, maybe this is depending on the HTML markup of the website. But that the next browser generations (whatever that is in detail) are in general displaying that message when entering a password on non-ssl sites is AFAIK wrong.


(Michael Frankland) #11

If you need any help about this - please get in touch! :slight_smile:


(scott williams) #12

My first suspicion is it’s because there is a login/password input on the page and some of the newer browsers are starting to give notices when a page is not https (secured)

Now mind you, this is only a theory on my part :grimacing:


(Gabrielle Vickery) #13

This is what I see when I go to login.

I’m pretty sure that my Pulse is quite old, but when I set it up I was told to stick to the older version unless I needed to use the pulse front end design templates in which case I should then upgrade. But like I say that was a while ago.

Ah because of your posts I tried to login using Chrome and I don’t get the same message, it logs me in as usual with no problems. So what does that tell us?


(Jannis from inStacks Software) #14

That FF now tells you, entering a password over a non-https connection might be insecure. This has nothing to do with Pulse CMS.


(Gabrielle Vickery) #15

So are you saying that as long as I use a browser where that warning doesn’t come up then I’m safe? Or I need to do something else?


(Jannis from inStacks Software) #16

The site is as secure (or insecure) as before. That is not a browser choice question, but if you want to secure your site with HTTPS or not.


(scott williams) #17

It’s no more unsafe than ever before, it’s just that browsers are now starting to warn if the site is not https.

So you can leave it, no worse off than it’s ever been, or you can get a security certificate and make the necessary changes to have a secure site.


(Gabrielle Vickery) #18

Thanks for that link Jochen, there’s quite a lot of information to get my head around but I’ll look at this more carefully for sure. Thanks again everyone.


(Michael Frankland) #19

If you need help with setting up a SSL @Gabrielle - I can send you lesson #2 from our email course and we talk about that in there :slight_smile:

By default now I always add SSL https to all sites I publish

cheers!


(Gabrielle Vickery) #20

Hi Michael, it sounds sensible to start using them, so yes please do that would be great :slight_smile: