Site Security Warning: Firefox 51

  • 0
  • 1
  • Problem
  • Updated 3 years ago
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members. The community moderator provided the following reason for archiving: Archived

Hi Guys,


I have a number of subscription sites that require a password to enter.


Recently on the sign in screen, a warning message has begun to appear
stating that "This connection is not secure ... logins entered here could be
compromised".


This warning appears when the Firefox web browser is used.


Needless to say this is alarming customers.


There is a link associated with the warning message that takes you to a Firefox
support page:


https://support.mozilla.org/t5/Protect-your-privacy/Insecure-password-warning-in-Firefox/ta-p/27861


The page reads thus:


"Insecure password warning in Firefox

 
This is a new feature that is available starting in Firefox version 51.

 

Firefox will display a grey lock icon with a red strike-through in the address bar, when a login page you’re viewing does not have a secure connection. This is to inform you that if you enter your password it could be stolen by eavesdroppers and attackers.

 

Starting in Firefox version 52, you will also see a warning message when you click inside the login box to enter a username or password.

pwjpg

 

 

    What can I do if a login page is insecure?

If a login page for your favorite site is insecure, you can try and see if a secure version of the page exists by typing https:// before the url in the location bar. You can also try to contact the web administrator for the site and ask them to secure their connection.


Not recommended: You can also continue to log in to the website even if the connection is insecure, but do so at your own risk. If you do go this route, try to use a unique password or a password that you don’t also use for other important sites.
About insecure pages

Pages that need to transmit private information, such as credit cards, personal information and passwords, need to have a secure connection to help prevent attackers from stealing your information. (Tip: A secure connection will have "HTTPS" in the address bar, along with a green lock icon.)


Pages that don’t transmit any private information can have an unencrypted connection (HTTP). It is not advised to enter private information, such as passwords, on a web page that shows HTTP in the address bar. The information you enter can be stolen over this insecure connection.


Note for developers

For developers looking to learn more about this warning, please see this page. The page explains when and why Firefox shows this warning, and will also provide some details on how to fix the issue. For more information, see this blog post and this Site Compatibility document."



Can you help me address the issues raised here as I can see many potential problems if my

firefox using customers are receiving these repeated warnings  and may start viewing my sites 

as unsafe.


How can I secure my URLS and make them HTTPS  as discussed above?


Best Regards


Steve





































Photo of Steve7353

Steve7353

  • 1,422 Points 1k badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Brian4612

Brian4612, Champion

  • 32,264 Points 20k badge 2x thumb
Many thanks for the update Steve. I know the HTTPS is becoming important to google and other search engines. In truth, unless you are requiring "personal" data like bank details etc to sell direct from your website then being secure isn't really vital, BUT.... customers get worried and if Google doesn't like it you can bet the www will have to fall into line.  I do know that Homestead are aware and are monitoring the effect of not being HTTPS for its builders. As a firefox user I will read through the link so once agina, my thanks.
Photo of Steve7353

Steve7353

  • 1,422 Points 1k badge 2x thumb
Hi Brian,

Firefox users are now being warned that Homestead sites that use password
protected pages are UNSAFE.

I have recieved a number of emails now from concerned customers worried
about the security of my sites in general!

I would like to know how I can make my URLs ... HTTTPS?

How much would it cost?

Is it possible?

This I think will be "none - negotiable" before long for web site owners and we need to
resolve this issue immediately.


Drew ... come on ... what't the official position on this massive issue?


Our customers are getting worried!


Regards

Steve
Photo of Drew N

Drew N, Alum

  • 262,816 Points 100k badge 2x thumb
I am sorry Steve, at this time Homestead does not support https on websites.

Which site and pages are you working with? I may be able to offer some suggestions.
Photo of Steve7353

Steve7353

  • 1,422 Points 1k badge 2x thumb
But Drew ... Firefox are telling my customers my sites are unsafe
and this is causing max panic!


We need a solution here ... and fast!


Specimen page:


http://www.moresoftware4u.com/Contents.html



EVERY page on all my 4 subscription sites that
are password protected are displaying the same
message  ... and this is causing ALARM!


Why are some Homestead pages https eg


https://community.homestead.com/homestead/topics/site-security



You clearly have the ability to provide this service.


Why are you not doing so?




Very Concerning

Steve
Photo of susan2829

susan2829, Champion

  • 43,192 Points 20k badge 2x thumb
I guess my concern is with Fire Fox (Mozilla) and why they would do this without advance notice so webmasters and website building programs would have an opportunity to comply BEFORE the notice started popping up. Just sayin ....
Photo of Drew N

Drew N, Alum

  • 262,816 Points 100k badge 2x thumb
Steve, integration of https is not a simple process and has never been part of Homestead's platform. The community has it as to post here, you must be logged in to your Homestead account, which is SSL secured.

I can look to see if I can offer a suggestion, but integrating SSL would need to be something that is designed, coded, and tested thoroughly before it could be implemented. It will be impossible to turn a switch and make this happen. I am sorry.

There has not actually been any change at all in the level of security. It is that Firefox now wants more and is notifying people. I am going to report this to the management and development team for you.
Photo of Steve7353

Steve7353

  • 1,422 Points 1k badge 2x thumb
Drew,


OK ... so why do companies offering a SSL service say the process is simple
and can be applied to any web site?


For example, what are your thoughts regarding the services of this provider:


https://www.123-reg.co.uk/ssl-certificates/



I don't need to secure / encrypt my whole site(s) ... only password protected
log on pages.


I need a solution to this issue ... customers are getting very anxious now.


Regards

Steve
Photo of Drew N

Drew N, Alum

  • 262,816 Points 100k badge 2x thumb
The reason is that you need to be able to access settings that on the Homestead platform are not accessible at this time. The development staff would need to add the interface to allow the access and the engineering staff would need to grant required permissions and make sure that there are no other issues to be aware of. I am sorry, but while we may be able to do this at some point, it is unlikely to be soon. I do not know if there is some 3rd party out there that can find a way to do this or not, but I do not see how.
Photo of Steve7353

Steve7353

  • 1,422 Points 1k badge 2x thumb
Drew,


Ok ... are we having a network  problem?


All my sites seem to be down.


Regards

Steve
Photo of Drew N

Drew N, Alum

  • 262,816 Points 100k badge 2x thumb
There was a brief drop in network traffic. I do not have a cause, but it seems to have recovered. Do you still see an issue?
Photo of Steve7353

Steve7353

  • 1,422 Points 1k badge 2x thumb
Seems we are back up now ... phew!

I'll do more research on the SSL certificates issue ... this is a new field
for me but I think I will need to learn fast as these warnings in Firefox
are creating nightmare problems at my end.

Best Regards

Steve
Photo of Drew N

Drew N, Alum

  • 262,816 Points 100k badge 2x thumb
I am sorry. I am continuing to pass on the comments of yourself and a few other customers that have expressed concern, and will continue to do so.

This conversation is no longer open for comments or replies.