Viewing Website not private, stealing info!

  1. Portal Home
  2. Forum
  3. EverWeb
  4. How do I...?

Website not private, stealing info!



User: Susan S. 6 years ago
I know as of June 2018 if you don't have an https:// website it comes up on Google and other browsers as "not secure."

However I did a website for a friend and people who are accessing the site are not just getting the "not secure" warning in the address bar of the site, they are getting a big HUGE notice that says the site is impersonating the real site and going to steal personal and financial information.

This site IS the real site, they are not stealing anything, they have a simple PayPal button that allows you to pay for a Ukulele Festival!

Why are they getting this notice instead of the regular "not secure" notice? Is there something about an Everweb site that looks.... less secure than say a WordPress site?

The guy who I did the site for has his own Wordpress site on the same server (the Ukulele site is another domain added on to his hosting space) and has had no problems with his site at all (it's http://. And this Ukulele site has worked fine since June, it just had the "not secure" warning in the address bar of the browser. Now it has this big web page warning thing.

Any help would be appreciated. I've attached the warning and I'd appreciate if some of you would try the site and tell me what you see. (PS I didn't design the site, someone else did I just put it together. I would have done something different).

www.vermontukuleleharvest.com

Thanks,

Susan

secure.png
User: Paul-RAGESW 6 years ago
Hi Susan,

This is simply because you are trying to access his website using https but you don't have a SSL certificate on the website. It doesn't say it is impersonating a site, it says it MAY be impersonating the site because there is no SSL certificate that confirms the connection from your browser to the server is secure.

This has nothing to do with EverWeb or the PayPal button

You either have to;

1. Access the website without https so just http:// (without the s after http). Which of course isn't recommended since you should have an SSL certificate on your website. Every web host has different pricing and set up instructions for an SSL certificate so you would have to contact the web hosting provider for more details on setting this up

2. As mentioned above, you would have to ask the web hosting provider to set up an SSL certificate on their end for the domain name. Then in EverWeb go to File->Edit Publishing Settings and in the URL field enter the url with https:// (right now it is probably http://)

Those are the basic steps. If you go with option 2 you would also want to;

1. Ask the web hosting provider to forward non-https URLs to the secure https urls (they should be able to do this for you on their end or provide instruction on how to do this (please note that on EverWeb + Hosting this is all done automatically or you)

2. If you use any third party widgets, please test your website that have them because some older, third party widgets may not be updated for an https website. So you should visit each page in your web browser to see if there are any warnings from your browser. If a third party widget isn't updated properly for https websites you may see broken images or a message saying that the page links to insecure content.

I hope this helps, please let me know if you have anymore questions.

Last edit 6 years ago

-------------------------------
Paul
EverWeb Developer
User: Susan S. 6 years ago
Thanks Paul, some new info there I didn't know. But again, it's not my site and I guess they don't want to do an SSL certificate, the site is only up for a couple of months each year. But I still don't understand why I just get a "not secure" in the browser bar and a few people are getting a big warning - is that browser specific?

Susan
User: Paul-RAGESW 6 years ago
Hi Susan,

It depends if you visit the website with https or without http.

http://www.vermontukuleleharvest.com (This will have a "Not Secure" warning in the path bar in Google Chrome but will work)

https://www.vermontukuleleharvest.com (this will show the big error you were getting in most browsers since you are linking to the https version but there is no SSL certificate)

Last edit 6 years ago

-------------------------------
Paul
EverWeb Developer


Post Reply
You must login or signup to post.