ClassCreator.com | Blockbuster sites, amazing reunions

Share Tips

New Topic Subscription Options  

How to Secure Website

Forums: Questions and Answers About Building Your Site
Created on: 04/15/19 06:24 PM Views: 373 Replies: 15
Monday, April 15, 2019 at 6:24 PM

Is there an easy way to secure our website so it shows up as https vs. http? What are the steps needed to do this? Since we are accepting credit card payments, I was asked to do this for our website.

George Ybarra
www.ephs69.com

Reply
Monday, April 15, 2019 at 9:21 PM - Response #1

We are working on a solution, but currently, all pages that accept credit card payments are already secure. If you go to your Ticket page or your Donation page or your Products page, any time the classmate is asked for a credit card, the website changes to https:

The way domain names work with our ClassCreator system, it is not possible for each website that owns a domain name to have a certificate to verify that you are a secure website, so those places where https:// is required, it goes to the ClassCreator domain name which is secure.


Reply
Thursday, April 18, 2019 at 3:44 PM - Response #2
non secure site.JPG

When we log in to our site, it shows Not Secure as does this forum. That may discourage classmates from signing in. Is there a way to secure it?

Reply
Saturday, April 20, 2019 at 1:24 PM - Response #3

Bev,
Unfortunately, some members will be concerned by the new browser warnings, But, as Kyle said, any pages which involve financial transactions or need to be encrypted are secure. The login page and even the Edit Contact Information page are secure.

Other pages, like profile views and pages which you have restricted which can only be seen by logged in classmates and guests would normally not contain any sensitive information. And other pages which you've left unrestricted would normally not need to be encrypted.

The browser notice that viewing a page over a network connection which is not encrypted is worth noting, but would not be a risk in most cases. The exception is the unlikely event when a member is accessing your site from a wi-fi connection in a hotel or restaurant where someone with specialized equipment could monitor network traffic. Even then, our sites are secure and encrypt network traffic for access which needs to be encrypted.

Reply
Sunday, April 21, 2019 at 10:10 AM - Response #4

Thanks for the response. I played with it and it seems that Class Creator web address shows and no "not secure" notice appears on certain pages. Those seem to be pages where you are putting your password in or editing your contact information. However, when looking at a classmate's profile, depending on the what that person has entered, there is a little more information showing, generally birthdates, spouse information, children's names and birthyears. Those are restricted to only classmates, but it shows on my browser as not secure. If that is correct, then I'm inclined to remove that from profiles or at least suggest that people not enter any information they considered to be sensitive.

Reply
Edited 04/21/19 10:17 AM
Sunday, April 21, 2019 at 12:32 PM - Response #5

We've kicked this around too, and came to the conclusion that while there is some limited personal info in profile views, it's limited to logged in members only - just as it has been since day one. And on our site, we added an option which removes the choice to allow your profile to be seen by search engines and outsiders - which we saw as a valid security concern.

Sharing profile info between classmates has never been considered 'risky', although we do have a few who didn't enter some fields (like birthday, even though we all know how old our classmates are). Details do have more personal information, but most of that is only viewable by admins.

In any case, viewable profile info is no more risky now than it always was. Again, when someone is viewing our site (or their bank) when using a coffee shop's wi-fi, there is a remote chance that network traffic could be monitored. I see that risk for our sites as minimal - and avoidable.

Reply
Tuesday, April 23, 2019 at 4:59 PM - Response #6

If you'll notice, go to your Member Functions > Edit Contact Info page, and you will see that the URL is actually under the https:www.classcreator.com domain name.... as would be any other security sensitive pages such as login screens and Event Planner cart pages.


Reply
Saturday, April 27, 2019 at 11:31 PM - Response #7

Hi - Scott - I see that the Not Secure does go away when one edits their contact info as you said, but that isn't going to make our users any more comfortable. As other admins have said - we have users who are hesitant to use the site now and I have had several complaints about this "Not Secure" which they see as a warning. Is there anything we can do to make it go away? FaceBook doesn't have that warning - why do we?

Reply
Sunday, April 28, 2019 at 2:33 AM - Response #8

This is the response I sent to a classmate that sent an email to complain about the not secure warning. I was thinking about posting this on the website and sending as an email to the class, if I have the information correct. It could be worded better, too.
"The “not secure” message does not indicate the site is unsafe.
The NEHI1970.com website is private and requires a password to be accessed. There is extra security for pages where information is entered.
When editing contact information, the web page will change from “http” to “https” indicating it is a secure (encrypted for extra safety) page to enter credit card or other personal information. There have not been any changes to our website as far as security is concerned. Some of the browsers are now displaying “not secure” warnings in front of the http or www, to indicate the page is not encrypted and might not be safe enough to enter credit card or bank account information on that particular page of the website. All pages that require sensitive information, such as Donation page, Products page, Ticket page, Contact Information page, etc., are set up to go to the ClassCreator (our Web Hosting company) domain name, which has the certificate to verify that we have a secure website, with encrypting on those pages.
Encryption is the process of scrambling or enciphering data so only someone with the means to return it to its original state can read it. Encryption keeps criminals and spies from stealing information. NEHI70.com requires the combination of your email address and password to login, and the necessary web pages are encrypted, therefore our website is safe and secure for use."

Reply
Sunday, April 28, 2019 at 2:37 AM - Response #9

Google has updated their browser (and subsequently, major browsers have followed), to alert users whenever they are on any page of any site that is not secured by a security certificate. Your site is currently secured on all pages that were previously necessary such as cart check out pages of the Event Planner as well as your Login pages. Rest assured that your site is safe and secure. However, we are still looking into a solution for admins to acquire a security certificate for their sites so that all pages reflect a secure status. We are working with our team to solve the logistics of this task. We will inform all of our administrators as soon as we have a solution that will work for our unique site scenario.


Reply
Sunday, April 28, 2019 at 8:06 AM - Response #10

Belinda - Thank you!!

Reply
Edited 04/28/19 8:07 AM
Tuesday, April 30, 2019 at 12:27 PM - Response #11

Scott,

Please get this corrected as soon as possible. This is causing a major problem in our reunion efforts.

Reply
Tuesday, April 30, 2019 at 3:48 PM - Response #12

Hi - I read that the now grey "Not Secure" warning is turning red! I am afraid I will lose classmates.

Reply
Wednesday, May 1, 2019 at 2:01 PM - Response #13

This is a priority for out team and we continue to work toward a solution.


Reply
Monday, May 20, 2019 at 4:41 PM - Response #14

This jumped out at me today. I too, am concerned about losing or some newbies not joining due to this warning.
Good luck at getting it resolved asap!! Is it possible to send the admins a notice when all clear?

Reply
Monday, May 20, 2019 at 4:54 PM - Response #15

We will let everyone know once this is resolved.


Reply
New Topic  
Subscription Options: Have all new forum posts sent directly to your email.
Subscription options are available after you log in.