Site labeled as "Not safe" in browsers

fabthifabthi Registered Users Posts: 263 Major grins
edited January 12, 2018 in SmugMug Support

Hello everybody
as you all probably know, Chrome and Firefox are now showing safety standards of websites you visit.
I therefore found out my website here on Smugmug is unfortunately labeled as "Not safe".
Following my inquiry, Smugmug support replied that "Https encryption is something currently only available for SmugMug sites that don't use a custom domain" and is expected to be implemented soon for custom domains too.
This is like very bad for SEO and for actual site's visitors who are discouraged by the "Not safe" label
In the meantime what can I do?
Fabio

Comments

  • Djm3006Djm3006 Registered Users Posts: 226 Major grins

    From the "Google Security Warning" post 2 or 3 under yours
    Just 2 quick notes:
    1) Enabling SSL for custom domains will break peoples sites that had enabled the "hack" for https prior to our release. Anyone who has implemented this will need to undo it when we go live on January 17th.

    2) Because we didn't want to break the custom domains for the people who had forced https prior, we were unable to completely test everything around SSL for Custom Domains. As such, beginning on January 17th we'll be generating SSL certificates for each of your domains, and they'll be renewed and remain active as long as you tie your custom domain to SmugMug in your SM Account Settings. However, we will not initially redirect non-SSL (http) traffic to https at this time. Links generated in your breadcrumbs, Folder/Galley and Menu Content Blocks will continue to use non-SSL (http) links. Once we're able to verify everything with the SSL certificates looks good, we'll begin moving all links to https, and then lastly automatically redirect http traffic to https.

    This means that, on January 25th, someone typing in "http://www.yourdomain.com" will not be moved to "https://www.yourdomain.com". However, if they do type in "https://www.yourdomain.com" they will land on a secure site.

  • denisegoldbergdenisegoldberg Administrators Posts: 14,383 moderator

    @fabthi said:
    I therefore found out my website here on Smugmug is unfortunately labeled as "Not safe".
    Following my inquiry, Smugmug support replied that "Https encryption is something currently only available for SmugMug sites that don't use a custom domain" and is expected to be implemented soon for custom domains too.

    Here's the text of @leftquark announcement in the thread Google Security Warning:

    SSL for Custom Domains will launch on January 17th and everyone with a custom domain on SmugMug will be moved to https with a secure certificate over a 7 day period. Your sites should be secured with SSL by January 25th or sooner and you will not need to take any action to enable this, as long as your custom domain is properly configured per our help pages. All links on your SM website will convert to https automatically and any links you’ve shared without https will redirect to https.

    Not much longer to wait until all of our custom domains will be served with https.

  • fabthifabthi Registered Users Posts: 263 Major grins

    Thanks to both!
    Before posting I made a search in the forum for "https", "Google warnings" and another tag I can't remember but couldn't get relevant results.

  • fabthifabthi Registered Users Posts: 263 Major grins

    @denisegoldberg said:
    Not much longer to wait until all of our custom domains will be served with https.

    >
    Hello Denise
    it's been more than a month ago since you posted your reply, however as of today my site still appears as http and Chrome is still labelling it as "unsafe".
    It seems SmugMug is taking things easy on this.

  • denisegoldbergdenisegoldberg Administrators Posts: 14,383 moderator

    @fabthi said:
    it's been more than a month ago since you posted your reply, however as of today my site still appears as http and Chrome is still labelling it as "unsafe".
    It seems SmugMug is taking things easy on this.

    If you explicitly request https://www.fabiothian.com/ it shows as secure.

    I can't speak to SmugMug's timeline to complete their work to automatically switch from http:// to https://. Only someone from smug can answer that.

    @leftquark can you comment here?

  • fabthifabthi Registered Users Posts: 263 Major grins
    edited February 17, 2018

    @denisegoldberg said:
    If you explicitly request https://www.fabiothian.com/ it shows as secure.

    I know, but if you don't you'll be taken to http.
    If you Google my name, my website shows up and search result will take visitors to http.
    And to an "unsecure" site, not exactly the best welcome for concerned users.
    It should be https by default.
    Other platforms have sorted this issue months ago and I have fixed my own Wordpress site in a matter of days.
    Why does it take so long to SM ??????

  • FergusonFerguson Registered Users Posts: 1,345 Major grins

    @fabthi said:
    Why does it take so long to SM ??????

    I am not affiliated with Smugmug, but one reason is that they allow a substantial amount of customization, interoperability with other tools (e.g. advertising), and are trying to give people an "out" if going to https breaks their site (often because of something they themselves did).

    I'm a bit surprised they did not offer a opt-in, force-redirect feature, so people could decide when their site was ready-enough (at least for the transition period before being forced over).

    One interesting aspect are the http links in google. I've re-registered mine with https, and keep hoping the crawl will start switching but it hasn't. I think it won't until they do a permanent redirect. Frankly I blame google for a bit of this; they are the ones pushing for https -- they could VERY EASILY have tested a site on their crawl for https availability and started providing search results as https when a site supports both. But they didn't, they appear to default to http.

  • leftquarkleftquark Registered Users, Retired Mod Posts: 3,784 Many Grins

    Forcing everything to https before we've made sure everything will work on HTTPS is not something we want to do. As @Ferguson mentions, SmugMug has a substantial amount of features that need to be verified (and potentially updated) to ensure everything on your site works great on https. We'll get there as soon as we can, but don't want to break your site in the process. The plan is to have everything fully on HTTPS, and redirecting, "soon". We have a team working as fast as they can, but we also want to be thorough!

    dGrin Afficionado
    Former SmugMug Product Team
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
Sign In or Register to comment.