Recently you or your customers may have noticed an increase in “not secure” messages being displayed on parts of your Straightsell website. This article aims to help you understand what these messages are, why they are being displayed and what Straightsell is doing about them.
What do HTTP and HTTPS mean?
HTTP is the protocol used to transfer a website’s data from one computer (the web server) to another (your web browser) over the Internet.
HTTPS is a secure, encrypted version of this protocol: the transfer of website data from one computer (the web server) to another (your web browser) over the Internet is encrypted and private. For a website’s data to be available via HTTPS, an “SSL certificate”, provided by a third-party company called a Certificate Authority, needs to be purchased and installed on your web server. This certificate acts as a form of ID that lets you check that the website you are visiting is the real website you expected to visit, and not a fake one set up by hackers.
Why do parts of my website display as not secure?
Your website’s security has not changed recently, but the messages about security being displayed in your web browser have. Specifically, Google Chrome and Mozilla Firefox are both reporting “not secure” messages on any non-HTTPS page where a “password” field exists. This may be your home page if you have a login bar, a separate login page or your registration page.
Additionally, this message will be displayed on all pages where Credit Card information is entered, although this is not relevant as your Straightsell website Credit Card entry page is already served via HTTPS, and is secure, encrypted and private.
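As an added illustration (not Straightsell's code), the following Python script checks saved copies of a site's pages for the condition described above: a page served over plain HTTP that contains a password field. Detecting card fields by their autocomplete="cc-..." attribute is a simplifying assumption about how such fields are marked up, and shop.example and the sample HTML are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class SensitiveFieldFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []  # kinds of sensitive <input> fields seen so far

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "").strip().lower() for k, v in attrs}
        if a.get("type") == "password":
            self.found.append("password")
        # Assumption: card fields use the standard cc-* autocomplete tokens.
        elif any(t.startswith("cc-") for t in a.get("autocomplete", "").split()):
            self.found.append("credit-card")


def warning_reasons(url, html):
    """Return the field kinds that would trigger "not secure" on this page."""
    if urlsplit(url).scheme.lower() == "https":
        return []  # page is served encrypted, so no warning
    finder = SensitiveFieldFinder()
    finder.feed(html)
    finder.close()
    return sorted(set(finder.found))


def audit(pages):
    """pages: {url: html}. Returns {url: reasons} for pages that need HTTPS."""
    results = {url: warning_reasons(url, html) for url, html in pages.items()}
    return {url: reasons for url, reasons in results.items() if reasons}


# Constructed sample pages (shop.example is a placeholder host).
SAMPLE_PAGES = {
    "http://shop.example/": '<form><input name="u"><input TYPE="Password" name="p"></form>',
    "http://shop.example/products": '<form><input type="search" name="q"></form>',
    "https://shop.example/login": '<form><input type="password" name="p"></form>',
    "http://shop.example/pay": '<input autocomplete="cc-number" name="card">',
}

if __name__ == "__main__":
    for url, reasons in audit(SAMPLE_PAGES).items():
        print(f"{url}: would show 'not secure' ({', '.join(reasons)})")
```

The home page with a login bar and the HTTP payment page are flagged, while the product page and the HTTPS login page are not.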
This “not secure” messaging varies between the two browsers; see the following links and screenshots for more information:
Google Chrome™:
- https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
- https://security.googleblog.com/2017/04/next-steps-toward-more-connection.html
Mozilla Firefox®:
Why is this message being displayed?
This browser messaging is becoming more pronounced because Google and Mozilla, the creators of the Chrome and Firefox browsers respectively, are pushing for more websites to be secure, encrypted and private and thus make the web a safer place. This is a great thing for users, but is not without challenges for website developers and hosting providers, particularly those that host eCommerce websites such as Straightsell.
What is Straightsell doing about this?
We are aware of these changes and are investigating what is involved in offering our customers full-site HTTPS, so that every page of your website is served securely with encryption. We plan to have this in place by October 2017.
Whilst we work on this, we have come up with an optional interim solution that reduces the “not secure” messaging displayed on your website. This involves creating new login and registration pages that are served via HTTPS, securely with encryption. You can see an example of this on the Standard ‘Responsive Web Design’ eCommerce demonstration websites, available from our website here: http://www.straightsell.com.au/site/pages/standard-design-eCommerce-website.php. Test it out by loading any of the websites in the Chrome or Firefox browser and viewing the login and register pages, noting they are shown to be secure, encrypted and private.
If you would like more information on having the optional interim solution put in place on your current website, please log a service request in the Straightsell Help Centre and we will be in touch.