is my HTTPS hijacked?

  • Unknown's avatar
    cooldave52000 · Member ·

    Greetings, we have moved our site (redesigned) to a self hosted option through name.com. The issue we are having is if someone goes to our old site url https://nicksrodsandrides.com the ‘unsafe site’ warning comes up, then if you proceed to the site it is some kind of spam thing. However, if we just type in http://www.nicksrodsandrides.com or nicksrodsandrides.com we do not get the warning or the spam site. The HTTPS came from our original site which was on the free plan at WordPress.Com and our site does not currently utilize HTTPS since we didn’t deem it necessary for a basic informational and photo site. Thank you for any help you can offer!

  • kokkieh · Staff ·

    Hi there,

    When your site was here on WordPress.com we issued an SSL certificate to secure your site, enabling it to load over https. However, that certificate expired once you moved your site away from us, so getting a warning if you load the site over https is normal now as your site is no longer served over a secure connection.

    The only way to avoid that warning is to only use http when you type/share your site’s URL, or to add SSL at your new host so you can still use https. There are free options for SSL available, like Lets Encrypt which we use on WordPress.com, or Cloudflare, if you want to look into using either of those options.

  • Unknown's avatar
    cooldave52000 · Member ·

    kokkieh, I appreciate your answer but what I can’t figure out is how is there someone posing to be us, but selling nutritional supliments from Thailand? If I go through the warning and go to what used to be our site, I get a shady looking suppliment site. This is what the warning states:

    “This server could not prove that it is http://www.nicksrodsandrides.com; its security certificate is from http://www.nutritiondepot.co.th. This may be caused by a misconfiguration or an attacker intercepting your connection.”

    So how can nutritiondepot be hosted and use our old https? I assumed once our old hosting through WordPress.com ended that site would have died yet it remains. I’m admittedly a noob and appreciate your help!

  • kokkieh · Staff ·

    You need to ask these questions from your domain registrar and hosting provider. Your domain is not registered with us and your site is not hosted with us, so we have no control over any aspect of your site and no way to determine what’s going on here.

    It looks like your domain registrar is name.com, so I suggest you try contacting them.

  • The topic ‘is my HTTPS hijacked?’ is closed to new replies.