Site says not secure.

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • montana rover
    Senior Member
    • Oct 2016
    • 168
    • 5.3.x

    Site says not secure.

    Some members are asking me about this. In the URL address, it's saying not secure. What can I do to correct this?

    Click image for larger version

Name:	secure.jpg
Views:	267
Size:	13.9 KB
ID:	4401600
  • Mrs.T
    Senior Member
    • Nov 2007
    • 1210
    • 6.0.X

    #2
    We are getting similar member reports, if they click on any email links such as forgotten password or activation links, they get a site not secure warning.

    Comment

    • montana rover
      Senior Member
      • Oct 2016
      • 168
      • 5.3.x

      #3
      Thanks for replying, but what can we do about it. Some members go crazy...

      Comment

      • Mark.B
        vBulletin Support
        • Feb 2004
        • 24286
        • 6.0.X

        #4
        I've asked about this....
        MARK.B
        vBulletin Support
        ------------
        My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
        My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

        Comment

        • Mark.B
          vBulletin Support
          • Feb 2004
          • 24286
          • 6.0.X

          #5
          Originally posted by montana rover
          Some members are asking me about this. In the URL address, it's saying not secure. What can I do to correct this?

          Click image for larger version

Name:	secure.jpg
Views:	267
Size:	13.9 KB
ID:	4401600
          Ok for this site, on your home page you have an embedded image loaded over http rather than https, which is giving a mixed content warning:



          You'll need to load that over https instead, that will fix your problem.
          MARK.B
          vBulletin Support
          ------------
          My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
          My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

          Comment

          • Mark.B
            vBulletin Support
            • Feb 2004
            • 24286
            • 6.0.X

            #6
            Originally posted by MrsTiggywinkle
            We are getting similar member reports, if they click on any email links such as forgotten password or activation links, they get a site not secure warning.
            I'm not seeing any issue on your site, can you replicate the problem yourself using a test account and requesting a new password?
            MARK.B
            vBulletin Support
            ------------
            My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
            My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

            Comment

            • glennrocksvb
              Former vBulletin Developer
              • Mar 2011
              • 4011
              • 5.7.X

              #7
              It's inevitable for forums with user-generated content that someone would embed an external image pointing to an http address. In that case, you would get mixed content error causing no padlock icon in the address bar. To avoid that, add this in the head.

              HTML Code:
              <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content" />
              To add it on self-hosted version, you simply paste the code in head_include template.

              For vBCloud, you can re-purpose the Search Engine Tools > Google Ownership Verification HTML tag in AdminCP and add the meta tag there. Be sure to enable the Enable Google Ownership Verification if it's not enabled yet.

              Flag Icon Postbit Insert GIPHY Impersonate User BETTER INITIALS AVATAR Better Name Card Quote Selected Text Bookmark Posts Post Footer Translate Stop Links in Posts +MORE!

              Comment

              • Carrfixr
                Senior Member
                • May 2017
                • 1364
                • 5.5.x

                #8
                Thanks Glenn

                Comment

                • Mrs.T
                  Senior Member
                  • Nov 2007
                  • 1210
                  • 6.0.X

                  #9
                  Originally posted by Mark.B

                  I'm not seeing any issue on your site, can you replicate the problem yourself using a test account and requesting a new password?
                  I will try Mark and see what happens. (Might have to be tomorrow, half term here and grandparent duties for 4 hyper grandchildren )

                  I have asked members what browser they use but no reply yet, I heard the latest Firefox might be showing Https sites as not secure but can't find any firm reports.

                  Comment

                  • Mrs.T
                    Senior Member
                    • Nov 2007
                    • 1210
                    • 6.0.X

                    #10
                    Originally posted by Glenn Vergara
                    It's inevitable for forums with user-generated content that someone would embed an external image pointing to an http address. In that case, you would get mixed content error causing no padlock icon in the address bar. To avoid that, add this in the head.

                    HTML Code:
                    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content" />
                    To add it on self-hosted version, you simply paste the code in head_include template.

                    For vBCloud, you can re-purpose the Search Engine Tools > Google Ownership Verification HTML tag in AdminCP and add the meta tag there. Be sure to enable the Enable Google Ownership Verification if it's not enabled yet.
                    Thanks Glenn I will add that but not sure it would fix the email problem as the links are definitely https.

                    Comment

                    • Mark.B
                      vBulletin Support
                      • Feb 2004
                      • 24286
                      • 6.0.X

                      #11
                      Originally posted by MrsTiggywinkle

                      Thanks Glenn I will add that but not sure it would fix the email problem as the links are definitely https.
                      Mixed content won't affect links in an email, unless there's an insecure image embedded in the page linked to, which is unlikely.
                      MARK.B
                      vBulletin Support
                      ------------
                      My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
                      My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

                      Comment

                      • montana rover
                        Senior Member
                        • Oct 2016
                        • 168
                        • 5.3.x

                        #12
                        Thank you Mark for pointing me in the right direction. He's was my issue.

                        I had added a "Static Module" and within it I added 3 external links and their banners in the module HTML box to show this below. It's a screen shot so clicking on it won't work.

                        Click image for larger version

Name:	secure3.jpg
Views:	320
Size:	37.1 KB
ID:	4401677


                        When I opened up the module and looked at the HTML code, 4 out of 6 URL didn't have the "S" after the "P" http:// to be https://. See photo below.

                        Click image for larger version

Name:	secure1.jpg
Views:	185
Size:	116.6 KB
ID:	4401678


                        After making the corrections, I now have a secure site!!!! Members are HAPPY once again.

                        Click image for larger version

Name:	secure2.jpg
Views:	154
Size:	5.2 KB
ID:	4401679

                        Hope this helps others.

                        Comment

                        • Mrs.T
                          Senior Member
                          • Nov 2007
                          • 1210
                          • 6.0.X

                          #13
                          Originally posted by Mark.B

                          I'm not seeing any issue on your site, can you replicate the problem yourself using a test account and requesting a new password?
                          I tested it Mark.B without any problems. Will just have to wait until it happens again and try to find out what browser they use or what steps they did at the time.

                          Comment

                          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                          Working...