Tuesday, October 2, 2018

Your Connection Is Not Secure: OH NO!

your connection is not secure
Let's start with blaming Google a bit on this one. Then the hosting companies. Then you. Your connection is probably plenty secure, so don't worry too much, but if your website is telling most visitors that the connection is not secure, you're losing potential customers. I got a call from a potential client recently with this exact problem, and we're going to be seeing it over and over in the next few months (maybe years).

Basically, Google and other major players are pushing for a more secure web. I'm not going to get into the debate too much, but the skinny is that some websites may not need to be more secure, while it's a positive (probably) overall. But EVERYONE has to get on this bandwagon, and it's not always as easy as you might think. However, sometimes it is. A lot of it depends on your hosting provider.

Some hosting companies saw the forced transition to https as an opportunity to make a lot of money. That sucks for you if you have one of these. I just built a website for someone who would have had to have paid $40 a year to keep her old site and have it secure, and that's on top of the cheapo $60 hosting, so $100 a year for a simple website. I charge $100, but my hosting plan is more robust, and I take care of updates to the core files. Other hosting companies transitioned the free version of https. I have to say I was pleasantly surprised with one of my hosts (Lunarpages), which is sometimes pretty crappy. All of my sites just switched over with no problems. My other host (Siteground), which is usually awesome, offered free https, but I've had some major issues with having to manually renew the certificates. That's a pain, and it stinks when clients contact me thinking the website's been hacked when it's perfectly fine. Chrome and other browsers block it because of an expired certificate, and I look bad. Supposedly, Siteground has handled this, but we'll see when the certificates need to renew again.

Oh yeah, it might just be YOU, too. Often, like on this website, it's basically flipping a switch to make it all https. But who wants to think about that? Also, it wrecks some of the images you've used for years (hotlinking to a non-https image). That's considered mixed (http and https) content, and it messes websites up a bit, but the content is generally still accessible.

If you're having trouble with https and non-secure connections, give me a call. The number is Wisconsin (where I'm from), but I'm right here in Jax.