Not Secure Website?

[Solarbeast]

Apparently, this site has been labeled as Not Secure by Google. This means that there is a much higher risk this site may be hacked or has already been hacked to share everyone's personal information. It could have been labeled as Malware or Phishing as well. I'm wondering if anyone else is seeing this on there web search bar or is it just me? Also, does anyone know of ways to make this website secure so that all of our data stays safer than it is now? I, personally, am getting a lot more spam calls and text messages and I doubt it is coming from this site, but I would love to make this site secure so that I personally know it is not this site.

[Xtc]

[mention]chadmc90[/mention] , are you aware of this?

[Pup]

Okay that is nothing to do with how the "not secure" tag by Google works.
Google recently made it so websites not secured by Https are labeled as insecure. Up until a few years ago it was standard practise to only use Https when payments etc were involved, now it's standard practise to use it anywhere.

There are a few more risks involved in the site not using Https, though that mostly would involve a user managing to log in as an admin by intercepting their login details. This is something which is not really possible to automate, and hence someone would specifically have to go to the trouble of doing it.
Why would someone go to the trouble for a tiny internet forum where the only info they would get is a few people's email addresses.

Yes it would obviously be a good thing for the site to use HTTPS, but it is hardly nessassery in this case.

Okay in hindsight this reply reads quite passive aggressive, wasn't my intention, thought I'd just share some knowledge. Sorry

[Solarbeast]

[mention]Pup[/mention]. Okay good to know. I only read what the information link they provided for me hinted at. I personally only know how to use a website template to create a website and not how to manually run one myself, so I am not used to seeing these types of concerns pop up. That combined with the ever growing annoyance of spam is making me question more normal things in my everyday life on the internet.

[Pup]

Yeah, absolute worst case, your password could be obtained by intercepting your specific internet traffic. But that is far more likely to be done by someone connected to your WiFi network than anything else, and there are a variety of protections against this not including https, so it isn't a worry in most situations.
If someone with the ability to get your password simply because the website doesn't have HTTPS is specifically looking through your internet traffic, you have far greater concerns than this.


It's worth noting, barely any websites in China use HTTPS, and they survive just fine. Though that's because China's government gets inconvenienced when websites use HTTPS. Makes it harder to see what news articles etc. people are reading.

Here's an interesting article on the subject. Goodluck reading it if you are in China. https://www.bbc.com/news/technology-45098190

[chadmc90]

Thanks [mention]Pup[/mention] for explaining it.

It would also essentially add another expense to the hosting cost to the website when it is generally unnecessary.

[vitya]

@chadmc90: actually, it doesn't. If you're not hosted on a shared hosting(as in you either have a VPS or a dedicated server), you can get a free SSL cert either from letsencrypt or cloudflare(even with the free plan). And letsencrypt even provides scripts for auto-renewal and automatic configuration of your webserver to use the cert they provide

[drawscore]

It may not do a lot of good, but, depending on your browser, at sign on, if you press Ctrl-Shift-N (or Ctrl-Shift-P), you can bring up private browsing, Don't know if it will keep the hackers out, but it can't hurt.

Drawscore

[Pup]

It may not do a lot of good, but, depending on your browser, at sign on, if you press Ctrl-Shift-N (or Ctrl-Shift-P), you can bring up private browsing, Don't know if it will keep the hackers out, but it can't hurt.

Drawscore

Private browsing (for standard browsers IE, Chrome, Firefox etc.) does nothing to prevent hacking or government monitoring or anything like that. Private browsing prevents cookies etc. from being saved to your computer, and prevents your computer keeping track of where you have been. Your internet service provider, or even your routers logs in some cases, can just as easily see where you have been and what you have been looking at.

[chadmc90]

@chadmc90: actually, it doesn't. If you're not hosted on a shared hosting(as in you either have a VPS or a dedicated server), you can get a free SSL cert either from letsencrypt or cloudflare(even with the free plan). And letsencrypt even provides scripts for auto-renewal and automatic configuration of your webserver to use the cert they provide

We are on shared hosting though through Gatorhost. I'll check back into it again to make sure, but if it's going to add another expense to the sites hosting fee when there's little use for it then I'm not going to use it.

[Pup]

We are on shared hosting though through Gatorhost. I'll check back into it again to make sure, but if it's going to add another expense to the sites hosting fee when there's little use for it then I'm not going to use it.

It certainly isn't bad to have, but we don't really have a need for it so certainly don't consider it if there is hassle or an extra cost involved.

[chadmc90]

We are on shared hosting though through Gatorhost. I'll check back into it again to make sure, but if it's going to add another expense to the sites hosting fee when there's little use for it then I'm not going to use it.

It certainly isn't bad to have, but we don't really have a need for it so certainly don't consider it if there is hassle or an extra cost involved.

Oh i understand what is is and why it is important for some websites to have it, but like you said its only neccessary if the information is extremely sensitive and there's a high risk. Hackers are not likely not to target a small website just to figure out that aj2179(no offense if that's someones username here) has a foot fetish. They're going after sites with lucrative information such as ecommerce sites.

[Amm1973es]

To me the chrome also shows me the same, but I do not think either that the information that we share here matters too much to someone unless you are some important public or company position.

[Jon2525_99]

[mention]chadmc90[/mention] I think if you can find a way to do it for free, or relatively cheap, it's worth doing. I know it's a tiny corner of the internet, but we live in different times of internet privacy. Everyone should expect anything posted here is public domain, but still.

[Johnsnow]

This topic has been discussed a while ago and has, for the time being, we have decided to stay with http and not https because of the extra costs. Topic locked to further discussion.