Thread: "This site may be hacked"
View Single Post
Old 26th March 2017, 04:19 PM   #11
kronckew
Member
 
kronckew's Avatar
 
Join Date: Mar 2006
Location: Room 101, Glos. UK
Posts: 4,150
Default
google is 'encouraging everyone to go to https

see https://www.freshleafmedia.co.uk/blo...te-be-on-https, amongst others...

Quote:
Why should I use it for my website?

Well, if you’re sending any information you wouldn’t want a third party to get their hands on, HTTPS makes sense. It’s not true to say that you only need HTTPS if users are submitting credit card details to your site (although you definitely need it then, and you should never put your own credit card details into a site that isn’t secured using HTTPS). It means that any websites that have any passwords or personal information submitted to them should run on HTTPS. A good example is your Content Management System, or CMS. Many sites nowadays have a CMS that runs on the same domain as the website. So you might log in to edit your site at www.yoursite.com/cms or www.yoursite.com/wp-admin. Into that login page you put the password that enables you to edit your public-facing website. Do you really want that to fall into the wrong hands?

If that’s not enough reason (and it really should be), consider this: since 2014, Google has been pushing ‘HTTPS Everywhere’, an initiative to make the web more secure by moving all web traffic onto the secure protocol. That year the search giant announced a minor rankings boost for sites using HTTPS, meaning that it can factor into a website’s search results position. Now they’ve also announced that any website accepting credit card details or passwords via HTTP will be slapped with an ‘insecure’ warning in the latest version of Google’s Chrome browser. Google’s pushing for HTTPS, and its sanctions against sites not using it will only get stronger as time goes on.
What does it cost?

Until recently, cost was sometimes cited as a reason not to use HTTPS. Secure certificates were (in some cases) expensive to obtain, complex to configure, and had to be renewed annually. However, in April 2016 a new certificate authority, Let’s Encrypt, was launched, offering free certificates and an automated process that replaces the manual creation, validation, signing and installation of certificates… giving everyone one less reason not to use HTTPS.
note especially the bold bit, and the italic bits i've highlighted. the 'or passwords' in particular. might be why some people get warned, are they perchance using chrome? firefox is heading that way too, i get the message on some sites.

as noted if you get any message offering to fix an infection of your pc by visiting a link in a warning message, avoid it like the plague. because it IS the plague & they will infect you and try to extort money from you.


note: my browser address bar indicated that the vikingsword site is connected securely (encrypted) if i use the https address, so there's a security certificate out there somewhere in your cluster. note the little closed lock between the site favicon on the https address, it indicates the connection is encrypted. maybe your isp or hosting provider has gifted you.

edited:

have added an attachment of the message i get connecting via https in chrome, ie, and edge. appears there is a certificate but it's revoked. firefox allows for exceptions. note the upper screenshot is from firefox that is allowing connection, the seperate lower with the warning is from the other browsers. maybe your hosting co. has an expired certificate? you might want to ask them what's up. and get a free one from the company mentioned above...like chicken soup for a cold, it's can't hurt...
Attached Images
  
Last edited by kronckew; 26th March 2017 at 04:49 PM.
kronckew is offline   Reply With Quote