Site labeled as "Not safe" in browsers
fabthi
Registered Users Posts: 263 Major grins
Hello everybody
as you all probably know, Chrome and Firefox are now showing safety standards of websites you visit.
I therefore found out my website here on Smugmug is unfortunately labeled as "Not safe".
Following my inquiry, Smugmug support replied that "Https encryption is something currently only available for SmugMug sites that don't use a custom domain" and is expected to be implemented soon for custom domains too.
This is like very bad for SEO and for actual site's visitors who are discouraged by the "Not safe" label
In the meantime what can I do?
Fabio
Tagged:
0
Comments
From the "Google Security Warning" post 2 or 3 under yours
Just 2 quick notes:
1) Enabling SSL for custom domains will break peoples sites that had enabled the "hack" for https prior to our release. Anyone who has implemented this will need to undo it when we go live on January 17th.
2) Because we didn't want to break the custom domains for the people who had forced https prior, we were unable to completely test everything around SSL for Custom Domains. As such, beginning on January 17th we'll be generating SSL certificates for each of your domains, and they'll be renewed and remain active as long as you tie your custom domain to SmugMug in your SM Account Settings. However, we will not initially redirect non-SSL (http) traffic to https at this time. Links generated in your breadcrumbs, Folder/Galley and Menu Content Blocks will continue to use non-SSL (http) links. Once we're able to verify everything with the SSL certificates looks good, we'll begin moving all links to https, and then lastly automatically redirect http traffic to https.
This means that, on January 25th, someone typing in "http://www.yourdomain.com" will not be moved to "https://www.yourdomain.com". However, if they do type in "https://www.yourdomain.com" they will land on a secure site.
Instagram
Twitter
Here's the text of @leftquark announcement in the thread Google Security Warning:
Not much longer to wait until all of our custom domains will be served with https.
Musings & ramblings at https://denisegoldberg.blogspot.com
Thanks to both!
Before posting I made a search in the forum for "https", "Google warnings" and another tag I can't remember but couldn't get relevant results.
Venice PhotoBlog
>
Hello Denise
it's been more than a month ago since you posted your reply, however as of today my site still appears as http and Chrome is still labelling it as "unsafe".
It seems SmugMug is taking things easy on this.
Venice PhotoBlog
If you explicitly request https://www.fabiothian.com/ it shows as secure.
I can't speak to SmugMug's timeline to complete their work to automatically switch from http:// to https://. Only someone from smug can answer that.
@leftquark can you comment here?
Musings & ramblings at https://denisegoldberg.blogspot.com
I know, but if you don't you'll be taken to http.
If you Google my name, my website shows up and search result will take visitors to http.
And to an "unsecure" site, not exactly the best welcome for concerned users.
It should be https by default.
Other platforms have sorted this issue months ago and I have fixed my own Wordpress site in a matter of days.
Why does it take so long to SM ??????
Venice PhotoBlog
I am not affiliated with Smugmug, but one reason is that they allow a substantial amount of customization, interoperability with other tools (e.g. advertising), and are trying to give people an "out" if going to https breaks their site (often because of something they themselves did).
I'm a bit surprised they did not offer a opt-in, force-redirect feature, so people could decide when their site was ready-enough (at least for the transition period before being forced over).
One interesting aspect are the http links in google. I've re-registered mine with https, and keep hoping the crawl will start switching but it hasn't. I think it won't until they do a permanent redirect. Frankly I blame google for a bit of this; they are the ones pushing for https -- they could VERY EASILY have tested a site on their crawl for https availability and started providing search results as https when a site supports both. But they didn't, they appear to default to http.
Forcing everything to https before we've made sure everything will work on HTTPS is not something we want to do. As @Ferguson mentions, SmugMug has a substantial amount of features that need to be verified (and potentially updated) to ensure everything on your site works great on https. We'll get there as soon as we can, but don't want to break your site in the process. The plan is to have everything fully on HTTPS, and redirecting, "soon". We have a team working as fast as they can, but we also want to be thorough!
Former SmugMug Product Team
aaron AT aaronmphotography DOT com
Website: http://www.aaronmphotography.com
My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations