Switch to Https

[i-man]

Hey guys i just made a switch to HTTPs. I did it because Google email me to do so because of the forum section of the site. I did the whole setup all by myself, so i would like you to tell me if you are seeing the green padlock in your browser when you visit the site. Please and thank.

 

[onlinecasinoscloud1]

I checked and I see "Green Padlock" in Firefox and Chrome browsers, so it looks like it's all right.

 

[Miles_Videoslots]

Got the Padlock well done

 

[Guard Dog]

So.... did you get that email that goes something like this:

Nonsecure Collection of Passwords will trigger warnings in Chrome 56 for https://www.affiliateguarddog.com/

To: owner of https://www.affiliateguarddog.com/

Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS.

The following URLs include input fields for passwords or credit card details that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, and so you can take action to help protect users’ data. The list is not exhaustive.

**SNIP** {Some big long Google URL to content on the forums that didn't have any such insecure request for anything like passwords, credit cards, etc} **SNIP**

The new warning is the first stage of a long-term plan to mark all pages served over the non-encrypted HTTP protocol as “Not Secure”.

Here’s how to fix this problem:
Use HTTPS pages to collect sensitive information

To prevent the “Not Secure” notification from appearing when Chrome users visit your site, move collection of password and credit card input fields to pages served using the HTTPS protocol.

**URLSNIP** Read the WebFundamentals article **URLSNIP**

If so... I would be very interested in your full approach and why you felt it necessary. And, if I should maybe follow that path.

Thanks bud!!!

Andy

 

[i-man]

So.... did you get that email that goes something like this:




If so... I would be very interested in your full approach and why you felt it necessary. And, if I should maybe follow that path.

Thanks bud!!!

Andy

Yes i got that email.
The HTTPS switch is mainly for websites that accept registrations. Once you have password protected sections on your site with people info, then you need to have HTTPS for that extra added security.

Goolge said that people going to the forum section of my site would see the “Not Secure” unless those pages are served over HTTPS. That is why i do the switch.

AffiliateGuardDog Definitely need to do the switch as Firefox is already showing the not secure sign, so yes that is a must.

How i did it? I ordered the SSL from Godaddy but because i am not hosting with them i have was to upload a Certificate Signing Requests (CSR)

The CSR is created in Cpanel where the domain is been hosted.
Step 1: you create a private key
Step 2: you create the CSR
Step 3: paste CSR code where Godaddy said to
Step 4: Godaddy create and send you SSL to download
Step 5: Upload SSL to Cpanel and selcect which domain to install it on

This is not a one approach for all as each website and platform is different, so the best thing to do is let your hosting provider help with the installation.

 

[AussieDave]

@i-man, don't mean to be the bearer of bad news... BUT you've missed pages. I found this one below, but at a guess there'd be more, maybe a lot more.

EG - http://www.casinobonuscatalog.com/review/slotland-casino/

I dare say, this is because you've not included the correct .htaccess adjustments to main directory folders, or even in the root .htaccess itself. Changing your WP setting from http > https does not fix all the issues. That catches most people out btw.

If you need that code let me know here and I'll post it, with instructions!

I'm about to call it a night. The sun is rising here. No I'm not a vampire

 

[i-man]

@AussieDave, Thanks for the input man, i do have the .htaccess setting.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Is this the wrong code?

If it is please post the correct code and instruction so others can follow

 

[jopaa]

BUT you've missed pages. I found this one below, but at a guess there'd be more, maybe a lot more.

EG - http://www.casinobonuscatalog.com/review/slotland-casino/

I see the https version when I click the above page.

 

[GamblersFever]

I see https in the bar for that above page as well, but there's no Secure green padlock.

Probably caused by some external content which is http, otherwise https seems to be working just fine.

 

[i-man]

I see https in the bar for that above page as well, but there's no Secure green padlock.

Probably caused by some external content which is http, otherwise https seems to be working just fine.

Thanks @GamblersFever, That is caused by the banner image on the page, there are a few others like that too. Might have to get rid of those banners.

 

[AussieDave]

GamblersFever has also eluded to the https being present, BUT the green padlock is not. Just recheck and it's missing... See!

Just so everyone is clear on this, external links which are NOT SSL, should not affect a site's SSL certificate.
(I'm not entirely sure if an iframe pulling a non SSL will affect it, BUT I'm fairly sure it wont).

When I installed my 1'st SSL, I got these errors too. I had to nut it out myself, which was rather frustrating at the time.

However, the issue causing the above error, relates to images (I also believe this happens with videos) served from the site, which has the SSL certificate. If these folders do not contain a specific .htaccess rules, then your going to get the "yellow" exclaimation warning.

In then end, every page had an active-green-padlock.

Instead of people getting confused with written instructions, and wrong installs, I've taken the time to draw a setup diagram.

NB - I've not included ssl code for your site's root. But that's easy to source online.

(no kisses/hugs but thanks are fine )

If your using additional image/media/js & css folders residing on your site's root, you'll also need to add the .htaccess file to these folders.

NB - Every .htaccess file is unique to each folder, because each folder's name is included in the .htaccess code, residing in each folder. This code is recursive... meaning... all sub folders below these top level folders will be covered with these .htaccess rules.

Site not using www (change out each folder's name with correct folder placement):

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} wp-admin
RewriteRule ^(.*)$ https://yourdomainname.com/wp-admin/$1 [R,L]

Site using www (change out each folder's name with correct folder placement):

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} wp-admin
RewriteRule ^(.*)$ https://www.yourdomainname.com/wp-admin/$1 [R,L]

If after doing this, your still NOT getting the ssl-green-padlock, then check to see if you've changed your WP settings from http >>> https. Also check plugins, because some of these also require you to manually set the site's protocol.

Edit (attention Admin/Mods):
I'm fairly sure I've gone to the trouble of writing one of these how-to's a few years back. However this and things like it, should get added to a Resources Forum. It's then just a matter of searching those forums, instead of these and other stuff getting lost, and having to be re-done

P.S. One of the simplest ways to get SSL for your site is to purchase it thru your hosting provider. Doing so means they'll generally set it up for you. BUT you may have to install the above .htaccess code into the additional Top Level Folders.

Yes, another Edit:
It's been another long night, the memory's a bit shot. If your using a STATIC IP for your internet connection, it's a best-security-practice to add the following code to your .htaccess in wp-admin (replace x.x.x.x with your static ip). This prevents anyone other than you accessing wp-admin. If you have other editors who do use a static ip, just added further allow from ip's. If however they don't use a static ip, this will block them:

order deny,allow
deny from all
allow from x.x.x.x

 

[slotplayer]

you can see the mixed content using FF Web Developer Tools.

 

[AussieDave]

@slotplayer - reiterating, if people add that code above, then their site will NOT have these SSL errors!

Plus thinking about it now, external sites, with https or without, will NOT affect a site's SSL certificate. Why? Well the SSL is specifically for that site. If however the https site is serving mixed (aka http) content (which will be images etc, then that will throw a YELLOW ! Mark.

It's like running a webpage speed test, and receiving a 1 or 2 points deduction, cause Google Fonts has not set a expirey date. No one one other than Google can fix that problem.

NB - Most banners are served from my side, However, a few BIG ones are pulled from aff programs, and not ALL of those are SSL.

But they do not cause SSL site errors

 

[AussieDave]

One more thing I wanted to add, which should clarify doubts about the port #.

• Port: 80 is used for non secured http
• Port 433 is used for secure https

However the above .htaccess code denotes port: 80

Thought that was odd, when I was looking for this fix orginally. However, every instance I found, used port 80. Not that I'm au fait with Port Protocols etc, but I'm guessing once SSL is added to a site, then the server's *.ini files etc, config this stuff behind the scenes. All I know is it works

 

[i-man]

Thank you @AussieDave for the the input, all seems to be working now.

 

[GamblersFever]

Dave, I tested it. My site has an SSL certificate that works properly, and on one of my pages I intentionally added an Intertops banner, which is served from a http connection. And voila - the green padlock is gone on all browsers:
(I can't post links yet - visit gamblersfever.net and click on the "Winning roulette tips for beginners" article)

Feel free to click around - all other pages have the green padlock.

The warning is there whenever there is http content being served to the user, regardless of the source. My certificate is valid, my redirects are in place, but still the page is not secure because it's serving http content from Intertops via my site.

 

[i-man]

Try this plugin and see what happen https://wordpress.org/plugins/really-simple-ssl/

 

[Moonlight Cat]

no Secure green padlock

p.s. for green padlock all images must be <img src="https://