security warnings popping up when link for site is given
-
Trying to find out why WordPress.com, who had me using an http address before two or three years ago, told me at that time to change my address to https for security reasons. I have been using it all this time, but today for the first time a new reader told me that the https in the link I gave her popped up a warning itself. She reported that her own computer guru told her to simply change the link back to http, and it worked without a hitch. What gives? Why was I told to change my site to https, and how do I change it back? I no longer remember where I went in. When I typed https into my browser, it also called up the security certificate warning. I don’t want people to be unable to go to my site.
The blog I need help with is: (visible only to logged in users)
-
Hello there, You didn’t change your site address to HTTPS; WordPressdotcom changed it for every site hosted here and it’s not possible to switch it off. Anyone accessing your site through HTTP is redirected to the HTTPS version.
I just accessed your site in Firefox 50.1.0 at HTTP which redirected to HTTPS without any browser certificate warning.
What does the warning say?
-
Hi again. It’s a standard warning on Internet Explorer 11, which is the only browser I regularly use. I’ve seen it sometimes before when I’ve tried to go to other places. It says: “There is a problem with this website’s security certificate. The security certificate presented by this website was issued for a different website’s address. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. We recommend that you close this webpage and do not continue to this website.” Then, there are two choices: 1. “Click here to close the webpage.” 2. “Continue to this webpage (not recommended.” Then there’s a phrase “More information” . You say that WordPress.com changed the http to https, but I just found where I typed it in and that was in “account settings.” I remember well that they told me to do it and I did what I thought was what they wanted, so maybe there was a point when they were asking people to do it themselves before they did it over the whole WordPress.com community? Should I go in and put it back to http there? Maybe that wasn’t the right place?
Thanks very much for your input. -
Please add any help or information to the above dialogue that you can. I have only recently (after scant work in months) started to put up a lot of posts again, and I am eager for the site to work properly. Thank you if you can continue to advise me.
-
Hi there, and thanks for the added info. You might guess that we are in different time zones. (good morning) :)
The only setting that users were able to change, and again this was quite a while ago, was a setting to always visit one’s WP Admin dashboard over HTTPS. It didn’t change how your visitors reached your site. Everything is now over HTTPS so changing that setting in WP Admin again shouldn’t change anything.
On using IE11, I just visited your site using it at HTTP and was again redirected to HTTPS without any warning, so again not entirely certain why you are getting a security warning. In general the browsers that work best with WordPressdotcom are FireFox and Chrome.
Regardless, I’ve tagged this for Staff attention. Please be patient for their reply.
-
Hi there,
Can you please confirm for what site this is?
Your site at creativeshadows.wordpress.com has been served over https for at least 3 years already. This switch was done automatically – you did not do anything to make this happen but ALL WordPress.com sites without custom domains were switched at that point.
As @justjennifer indicated, there was a setting in the dashboard to load the admin pages over https, but that has nothing to do with your site itself.
I checked your site in IE, Chrome and Firefox, and don’t see any warnings in any of them, but I did spot something that might be causing some people to see it:
In the post at the top of your front page you have a PayPal button. Looking at the HTML of that button, the link appears as follow:
href="http://https://www.paypal.com/cgi-bin/webscrThat http:// bit is what’s causing the security warnings to appear. Remove those 7 characters, and no one should be seeing warnings on your site any more.
-
1. Where do I get into it to remove it, and does that mean the Paypal button won’t work anymore? 2. I believe you that WordPress.com at some point made the change to https automatic, but I also really do recall them asking me to do it myself, and typing it into account settings. It’s not that people are having trouble typing in http and getting to my site, it’s the reverse: it’s that when I supply some people with the link “https://www.creativeshadows.wordpress.com” they get the security warning message. My “vault” of passwords for the Norton Identity Safe add-on is supplied with the wp-admin page load-in https, and it has never stopped working correctly. But when I type the https bit into my own address, that’s when it doesn’t work for me. They have had the same experience typing it into their browsers (for, of course, they’re not going to the admin page). I need to know how to get into the place where I could change the Paypal code thingy. Thanks for your considerate and full reply. I appreciate all the help.
-
P.S. I just found out that the security warning pops up if I type https://www.creativeshadows.wordpress.com for the link, but NOT if I type https://creativeshadows.wordpress.com for the link.?????Do you have another guess? And does this have anything to do with the Paypal thing?
-
-
Thanks for the extra info. For https://www.creativeshadows.wordpress.com/ you will get the warning, yes. That is expected and not something we’re able to change.
But if you only type http://www.creativeshadows.wordpress.com it will load without showing any warnings. Generally, you never have to tell someone to type in “http://” or “https://” All modern browsers will automatically add that bit as needed.
So in that case it’s unrelated to the PayPal button, but I’d still change it from showing http://https:// to just showing https://
To change that, go to My Site ->Blog Posts and edit the post containing the button and switch to the HTML view of the editor. Then you can edit the link showing there and update the page.
- The topic ‘security warnings popping up when link for site is given’ is closed to new replies.
WordPress.com Forums 