My site is "not secure"

User Help for Mozilla Firefox
Post Reply
jhaber3
Posts: 374
Joined: January 16th, 2005, 9:04 am

My site is "not secure"

Post by jhaber3 »

When I go to my home page, a WordPress blog, no warnings. However, when I to to the admin page and try to log in, I get the little pop-up of the lock with a red slash telling me that it's not secure. I have had, of course, to proceed anyway to update things, but what should I do to make this secure? I realize I have imperfect control of WordPress and its interface, but I should do something. My site is http://www.haberarts.com/, and I assume I shouldn't tell you the admin URL.

I tried, fwiw, to open the same page but with https, not that I could have told you that such an address exists. There I got a whole Firefox page telling me I could not continue because the site is insecure. Incidentally, I also get the smaller pop-up warning when I log into mozillaZine! I should say that my passwords have a mix of lc letters, up letters, numbers, and punctuation, so I'm satisfied on that account. Thank you.
User avatar
makaiguy
Posts: 16878
Joined: November 18th, 2002, 6:44 pm
Location: Somewhere in SE USA
Contact:

Re: My site is "not secure"

Post by makaiguy »

Starting with Ver 52, FFox pops up a warning when attempting to log into sites not accessed via a secure connection (i.e. those using non-secured http protocol instead of secured https protocol). The warning correctly points out that your login name and password are being transmitted in the clear where they can be captured by any server along the way.

This does not mean that the site you are trying to log in to has suddenly become insecure. This situation has always been there, but the folks at Mozilla just decided they'd warn you about it.

To avoid the warning:
  1. If the site supports a secure https connection, use that instead of http. Your transmission will be encrypted and only readable by your destination site.
  2. If you just don't want FFox to warn you of these insecure connections, do this:
    • Enter about:config in the Address/URL bar.
    • Press the button to agree to be careful (if you haven't done this previously).
    • Enter insecure in the Filter bar to limit display to just options containing 'insecure'.
    • Double-click on each of the following two options to toggle them between true and false. Set them to false:
      security.insecure_field_warning.contextual.enabled
      security.insecure_password.ui.enabled
    • Enter autofill in the Search bar.
    • Double-click on signon.autofillForms.http and toggle it to true.
    NOTE: if any of the above options are not found, you can create them manually. Right-click (control-click on Apple) an empty space in the option list. Click New | Boolean. Enter the option name and appropriate true/false value.
Doug Wilson
Win10 64bit: FF 115.0.02 64bit, TB 102.12.0 32-bit ║ Android 13/10: FF 115.2.0/115.0.1 ║ No TB for Android available, dammit!
What a fool believes he sees, no wise man has the power to reason away - Doobie Brothers
User avatar
Reflective
Posts: 2283
Joined: February 15th, 2007, 11:13 am

Re: My site is "not secure"

Post by Reflective »

See this WordPress support site for instructions on how to enable SSL for your own site: https://support.managed.com/kb/a261/how ... -site.aspx
jhaber3
Posts: 374
Joined: January 16th, 2005, 9:04 am

Re: My site is "not secure"

Post by jhaber3 »

Thanks to you both. Makai, I changed those three options, and as you say the warning has vanished. Reflective, I appreciate the link. Changing to https seemed above my head, and it still looks imposing, but this could help.
jhaber3
Posts: 374
Joined: January 16th, 2005, 9:04 am

Re: My site is "not secure"

Post by jhaber3 »

May I also ask your opinion about transitioning to https? If I understand correctly, it's designed not so much to protect the site as to protect the privacy of users. (I don't quite understand how, after reading a few online articles, but that's neither here nor there.) In other words, it would be to protect my identity from my admin page, or from me! It's of obvious advantage to a commerce site that asks for payments, but that's different. And of course it would cost me a small sum each year for the certificate. So is it really worth it?
User avatar
James
Moderator
Posts: 27999
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Re: My site is "not secure"

Post by James »

jhaber3 wrote:And of course it would cost me a small sum each year for the certificate.
May not cost you anything https://letsencrypt.org/
User avatar
MarkRH
Posts: 1357
Joined: September 12th, 2007, 2:30 am
Location: Edmond, OK
Contact:

Re: My site is "not secure"

Post by MarkRH »

It would basically double my webhosting costs, just for a single domain. I would have to pay for both a private IP address (on shared hosting) and the certificate. My blog has been this way for 10 years. Until WordPress itself or something requires SSL I'll just let it be. I do other things like banning all other IP addresses except mine from being able to log into my site. There is no reason for someone else to log into my blog or galleries.
Post Reply