{"id":9110,"date":"2017-08-21T00:01:01","date_gmt":"2017-08-21T07:01:01","guid":{"rendered":"http:\/\/www.wambooli.com\/blog\/?p=9110"},"modified":"2017-08-20T10:46:25","modified_gmt":"2017-08-20T17:46:25","slug":"a-more-secure-wambooli","status":"publish","type":"post","link":"https:\/\/www.wambooli.com\/blog\/?p=9110","title":{"rendered":"A More Secure Wambooli"},"content":{"rendered":"<p>Sadly, I&#8217;m familiar with alarming messages about this website. Typically, the email is from my provider who alerts me with a hacking attempt on the site &mdash; a result from their sloppy security, not mine. (Read more <a href=\"http:\/\/www.wambooli.com\/blog\/?p=9024\">here<\/a>.) This latest email, telling me that my site is insecure, was from goliath Google itself.<br \/>\n<!--more--><br \/>\nI know that the site isn&#8217;t &#8220;secure&#8221; in terms of how it&#8217;s accessed: The URL is <code>http<\/code> and not <code>https<\/code>, which is the more secure, encrypted form of web page access. I get prompted to pay for that upgrade when I renew the <code>wambooli.com<\/code> hosting, but because I don&#8217;t ask for financial or other sensitive information on this site, it&#8217;s not been necessary.<\/p>\n<p>Then comes the message shown in Figure 1.<\/p>\n<div id=\"attachment_9111\" style=\"width: 560px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-9111\" src=\"http:\/\/www.wambooli.com\/blog\/wp-content\/uploads\/2017\/08\/0821-figure1_google-warning.png\" alt=\"\" width=\"550\" height=\"190\" class=\"size-full wp-image-9111\" srcset=\"https:\/\/www.wambooli.com\/blog\/wp-content\/uploads\/2017\/08\/0821-figure1_google-warning.png 550w, https:\/\/www.wambooli.com\/blog\/wp-content\/uploads\/2017\/08\/0821-figure1_google-warning-300x104.png 300w\" sizes=\"auto, (max-width: 550px) 100vw, 550px\" \/><p id=\"caption-attachment-9111\" class=\"wp-caption-text\">Figure 1. What they hey, Google?<\/p><\/div>\n<p>Immediately, I thought that the site had again been hacked. Upon re-reading the message, it wasn&#8217;t. The red flag for the site are the input fields in the blog. According to the email, when someone logs into the blog in the future, and they&#8217;re using the Google Chrome web browser, they&#8217;ll see a warning. In fact, they&#8217;ll see a warning on any website that doesn&#8217;t use the <code>https<\/code> protocol. That change is bound to freak-out a lot of users.<\/p>\n<p>As I sat and stewed over the message, I shook my head. Yes, it&#8217;s inevitable. I&#8217;ll have to pay the $70\/year extra to get Wambooli upgraded to <code>https<\/code> protocol, not because I ever plan on asking for secure information on the site, but because I don&#8217;t want my readers freaking out when Chrome has a spaz because the site uses <code>http<\/code>.<\/p>\n<p>So I purchased the certificate and had it installed. The big question looming as I write this post (Friday, August 18) is how it affects access. For example, all my links are to <code>http:\/\/www.wambooli.com\/<\/code>. Will the <code>https<\/code> protocol automatically switch over the domain? Or will I have to update every link on the site?<\/p>\n<p><strong><em>Time passes<\/em><\/strong><\/p>\n<p>It&#8217;s just a few hours since I installed the SSL Certificate. Right now, I can access the site two ways: <code>http<\/code> or <code>https<\/code>. I&#8217;ll have to do some research to see how to convert it over to <code>https<\/code>. I know that if you attempt to access other <code>https<\/code> sites (Google, Facebook) that you&#8217;re switched automatically.<\/p>\n<p>Also, things are still making the transition as even when I specify <code>https<\/code> as the URL some parts of the site are labeled &#8220;not-secure.&#8221;<\/p>\n<p><strong><em>Two days later<\/em><\/strong><\/p>\n<p>The site is all updated. I found the directions to install the redirect, so however you access wambooli.com, the site shown is the secure version. Now I just have to wait until October to see how this change in Chrome affects the site, or whether I need to update my other sites as well.<\/p>\n<p>By the way, I&#8217;ve learned that you can disable Chrome&#8217;s secure site checking. I&#8217;ll cover that topic in October as well.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The message from Google ticked me off, but it&#8217;s inevitable.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-9110","post","type-post","status-publish","format-standard","hentry","category-main"],"_links":{"self":[{"href":"https:\/\/www.wambooli.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/9110","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wambooli.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wambooli.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wambooli.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wambooli.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9110"}],"version-history":[{"count":8,"href":"https:\/\/www.wambooli.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/9110\/revisions"}],"predecessor-version":[{"id":9122,"href":"https:\/\/www.wambooli.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/9110\/revisions\/9122"}],"wp:attachment":[{"href":"https:\/\/www.wambooli.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wambooli.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wambooli.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}