Sadly, I’m familiar with alarming messages about this website. Typically, the email is from my provider who alerts me with a hacking attempt on the site — a result from their sloppy security, not mine. (Read more here.) This latest email, telling me that my site is insecure, was from goliath Google itself.
I know that the site isn’t “secure” in terms of how it’s accessed: The URL is http
and not https
, which is the more secure, encrypted form of web page access. I get prompted to pay for that upgrade when I renew the wambooli.com
hosting, but because I don’t ask for financial or other sensitive information on this site, it’s not been necessary.
Then comes the message shown in Figure 1.
Immediately, I thought that the site had again been hacked. Upon re-reading the message, it wasn’t. The red flag for the site are the input fields in the blog. According to the email, when someone logs into the blog in the future, and they’re using the Google Chrome web browser, they’ll see a warning. In fact, they’ll see a warning on any website that doesn’t use the https
protocol. That change is bound to freak-out a lot of users.
As I sat and stewed over the message, I shook my head. Yes, it’s inevitable. I’ll have to pay the $70/year extra to get Wambooli upgraded to https
protocol, not because I ever plan on asking for secure information on the site, but because I don’t want my readers freaking out when Chrome has a spaz because the site uses http
.
So I purchased the certificate and had it installed. The big question looming as I write this post (Friday, August 18) is how it affects access. For example, all my links are to http://www.wambooli.com/
. Will the https
protocol automatically switch over the domain? Or will I have to update every link on the site?
Time passes
It’s just a few hours since I installed the SSL Certificate. Right now, I can access the site two ways: http
or https
. I’ll have to do some research to see how to convert it over to https
. I know that if you attempt to access other https
sites (Google, Facebook) that you’re switched automatically.
Also, things are still making the transition as even when I specify https
as the URL some parts of the site are labeled “not-secure.”
Two days later
The site is all updated. I found the directions to install the redirect, so however you access wambooli.com, the site shown is the secure version. Now I just have to wait until October to see how this change in Chrome affects the site, or whether I need to update my other sites as well.
By the way, I’ve learned that you can disable Chrome’s secure site checking. I’ll cover that topic in October as well.