This month saw an update of the site from a non-encrypted "unsecure" site to an SSL secured site. What does this mean?
I run my site on a shared server using a basic plan because it's simply not big enough to justify the cost of a larger host package. The basic plan did not have any offer for SSL certificates so I just ran without one.
So again, what does that mean?
Well in basic terms it means when visitors would visit the site none of the information between the web server and their computers was encrypted so in theory a hacker could watch traffic and see information. Not ideal but since I don't use any payment systems directly on the site (I use Paypal which is secured) or other information other than a basic registration it was not a huge concern.
However, web browsers report the site as "Not Secure" and soon Chrome will start blocking access to sites that are not secure by default so this would turn many users away.
Luckily my web host has just implemented free SSL certificates for all customers which I have now implemented on the site.
We are now SSL Secured!
You will now notice when visiting the site that in the web browser it will say "Secure" and have the all important padlock.
Issues
There were some issues when I implemented the change which I just wanted to note down for future reference. Firstly, the update was quite siomple since it was all done in the background, I simply had to make a few changes to some website config files and it all worked but I noted that even though the site was secure it was showing a (!) symbol and not the important green "Secure" symbol. I spent some time checking the certificates and website and after some searching I decided to paste my web address into an SSL checked:
This will check the validity of the page for SSL issues and detail a report and what I found was many images I have used in articles have "hard coded" direct links to the image location instead of relative. This means many images and some links point to: http:// instead of https:// and although this does not affect the security of the site, it is considered unsecure and the images should not even be pointing to the site name, but to the relative path on the site (if that makes sense).
The fix was to trawl through all my pages and remove the website name from the path so it was a relative link and that has fixed things up.
There may be some pages that have not been fixed so occasionally a page may report an issue but it's a minor thing, the main thing is the website is now running secured for all users
One other issue was related to the above "http" path issue and that was a plugin I use that integrates the Disqus comment system in place of a default comment system for the Joomla K2 component. The plugin was hard-coded to make a call to the website for Disqus using http instead of https which caused SSL errors and the site to not display the secure symbol. It also prevented the comments from loading.
I detected this error again using the https://whynopadlock.com service and after searching for an update and not finding one I managed to easily edit the php files to add the https call which resolved the issues and now has the comments loading back again.
This is all kind of boring shit but a bit of a glimpse at what I need to do to maintain aa website and the skills one has to have to keep things going.