| Blockbuster sites, amazing reunions

Share Tips

New Topic Subscription Options  

Site "Not Secure"

Forums: General Discussion
Created on: 10/01/19 02:42 PM Views: 1736 Replies: 49
Tuesday, October 1, 2019 at 2:42 PM

Website security certificates. When I get to my two sites (CHSAA or Crestwoodstock sites), if you look up in the URL area, it says “not secure” before the URL location. If people see that “not secure” is part of the URL, that may wave them away from the site.

I have read, that a security certificate is When you go to a site that uses HTTPS (connection security), the website's server uses a certificate to prove the website's identity to browsers, like Chrome.

How do I make my class creator sites secure for transactions and is there a cost to install a security certificate?

Tuesday, October 1, 2019 at 7:40 PM - Response #1

Google has updated their browser (and subsequently, major browsers have followed), to alert users whenever they are on any page of any site that is not secured by a security certificate. Your site is currently secured on all pages that were previously necessary such as cart check out pages of the Event Planner as well as your Login pages. Rest assured that your site is safe and secure. However, we are still looking into a solution for admins to acquire a security certificate for their sites so that all pages reflect a secure status. We are working with our team to solve the logistics of this task. We will inform all of our administrators as soon as we have a solution that will work for our unique site scenario.

Saturday, October 12, 2019 at 6:22 PM - Response #2

I too have the same concern about security. Two Items
1. When I go to our main page AND AM LOGGED IN, it shows "Not Secure" on Chrome unlike what your prior answer indicated. Am I reading this wrong, or doing something incorrectly.
2. Should I be using FF instead of Chrome? Tried FF and it also says not secure while I am logged in.
3. Also, this may be affecting it. I'm trying to use password saver's driving me crazy as I often use the same PW on different sites (I know it's not a good idea). I've tried DashLane and just deleted it..driving me crazy, now trying Sticky Password.

4. Not your problem most likely, but while I use Malwarebytes 24/7 I just got two ransomeware letters - ( i know these are emails, not direct/locking attacks and they are badly written gross, untrue, and several weeks old, found in my junk mail...and have NOT responded...but security is getting a bit higher priority in my life now. Please advise. Thanks

Friday, November 15, 2019 at 4:49 PM - Response #3

Thanks, Scott...

Everybody is becoming more aware of security holes these days and that 'Not Secure' heading on the URL is spooking more than a few of our classmates.

Telling them to 'ignore it' because our site is actually very safe sounds a lot like 'whistling in the dark'

Be looking forward to a solution.

Friday, November 15, 2019 at 5:20 PM - Response #4

Forgot to mention, when I told (per your comment) one of our classmates that the pages where any secure information is required...such as the Log In page, "you will see that there is a secure icon (padlock, etc.)." He went away, grumbling...

So then he called me back 10 minutes later and said the 'Edit Profiles' page (where he loads pictures) was not secure. He's evidently right as I see no security icon.

The 'Edit Contact Info' page is secure, but because we're uploading pictures into the server (I presume) on the 'Edit Profile' page, does that then become a possible entry point for bad guys?

Friday, November 15, 2019 at 10:08 PM - Response #5

I'm not a security expert, but these are my thoughts:

There is a level of security built in to the Edit Profile page, in that a classmate must be logged in before he/she can view or edit that page. So, the Edit Profile page can only "become a possible entry point for bad guys," if the bad guys are logged in.

All the pages in the Member Functions section (Notify Me, Edit Contact Info, Edit Profile, Change Password, Log out) are viewable for editing only after one is logged in.

Edited 11/15/19 10:13 PM
Friday, November 15, 2019 at 10:31 PM - Response #6

I may be incorrect here, but pretty sure this will work to solve the "not secure" concern. In some ways it is similar to how the login, payment link name changes to https.

So here's my concept that is an easy way to do this (get sites secure with https), but it requires some changes by CC and a new Option for users (admins of a site, not classmates) since they "might" have to make a few changes. [I do here and there, but it's not too hard.]

Our sites with a domain name get directed to the actual name used by CC.

For example
is actually

So if you click either link, you end up at exactly the same place. The Difference is that the first is "not secure" and the second one IS secure.

Now if you click any of the left hand links CC has generated links but that doesn't have to be that way at all.

To illustrate see this example of links Bothell Weather [Note: I just modified this page to show how it works if CC did this by making the page itself convert to the Secure version of the page. It's not an important page in case there's something I forgot - that a browser setting might complain about]

Clicking from either page link generates .. modified so it automatically goes to the next link
but actually this next link is exactly the same thing

Now there is one problem and the home pages shows that. The https change affects the way default links are done by your browser and catches where you mixed secure and not secure references.

I hardcoded an iframe reference (in a script) using and that violates "mixed content rule" for https - a security violation. Hence the scrolling classmate script does not run and is just a gray rectangle. On the link it shows. This is very easy for me to fix. I just left it to show what happens. Similar issues occur for scripts.

So that's why it has to be an "option" to use the https name vs your domain name.

However, it solves the "not secure" issue described.

If you click some of the inner links, like Reunion Committee you can see that it stays "secure".

Should be very easy to CC to implement since if you stop paying for a site, that's actually what happens anyway Cool

[I forgot to post this some time ago and this post reminded me.]

Edited 11/17/19 2:34 PM
Saturday, November 16, 2019 at 12:04 PM - Response #7

Both Scott and Jack's posts are very helpful.

Scott you're right, and the 'black hats' have to get past the Log In to theoretically do very much. Perhaps not much of a hurdle, but it's there.

The crux of the problem is that (often RED) 'Not secure' notice that Google now puts in front of the URL. Heck it even makes me a little uneasy. My classmates with very little understanding of security tend to freak out.

I'm afraid explaining the nuance of your analysis, Scott, will not be enough...

Jack's points are impressive, your skills are way above mine Jack, in even figuring all this out.

But that's a problem as well, most of my classmates at 73 years of age are way past a somewhat technical solution that they would have to implement. They'd just stop coming to the site.

There must be a better way to keep our sites user friendly and secure; and without Google's non helpful 'Not secure' (in RED) notice.

But Class Creator is going to have to figure that out before we begin losing large amounts of classmates from all of our sites.

Saturday, November 16, 2019 at 1:38 PM - Response #8

This change will be completely transparent to Classmates - just the secure lock will appear vs not secure. I'm assuming that Classmates means the members of a class. They just click on exactly the same link they did before. No action required by them. CC does all the changes in the "background" so to speak. [Just like CC does now for Login, Payment, Editing, Manage Classmates etc. In fact, that is so transparent I bet many admins never noticed - those are the "users" I referred to not classmates]

The only thing CC does is 1) switch the "landing" page to the https version AND 2) change all the link names to the https version. They could do the second step and probably leave the first page alone. However, then the first page would still show not secure.

Most sites will be surprisingly adaptable. The reason is that when you use the Editor and Preview a Page, that is already what happens - it switches to your actual CC website address. Have not seen any complaints that a preview did not show correctly. Not a guarantee, but also tends to make me think it won't be a big problem.

To see this, select Edit Site Pages. Now pick a page and Click Preview. Notice that the upper link in browser is now Secure. Exact same page.

IOW, if you can see your pages in Preview, your site is good to go.

Mine has some very custom code. Most sites just use the default tools. The main thing that some sites need to "fix" is that they might have hardcoded links to their pages inside of other pages. They need to fix those links since they would still "work" but revert to the not secure version.

However, that is why it would be an Option in preferences. If somehow there was an issue, revert back if one did not understand how to fix. They could always ask here how to fix though. Almost all can be fixed if the referenced resource has an https version.

Edited 11/16/19 1:51 PM
Saturday, November 16, 2019 at 1:56 PM - Response #9

I forgot to mention that Step 2 code is already there in CC. It's what you get when you get a "free" site (or revert back to one). So the only change is actually Step 1.

Sites that Pay code would have the Option code added in Preferences (or?) and code to check option of course Very Happy

Sunday, November 17, 2019 at 8:28 PM - Response #10

Made a script so anyone can easily make any page "secured" but image links might need to be modified depending on how you did them. If CC changes, it will still work since it checks site http status.

EDIT: removed content because cookie gets removed so it did not work as intended. I was logged into https in one tab and testing in another tab using our actual Domain name. So I had two cookies active that made it all work.

Funny thing is that if you do NOT have a domain name it all works great. See THIS PAGE for how that works. That is a 100% secure ClassCreator site using https.

Edited 02/13/20 9:10 PM
Monday, December 23, 2019 at 10:39 AM - Response #11

any update on a solution for security certificates?

Thanks - Patrick

Thursday, February 13, 2020 at 7:08 PM - Response #12

Also to Scott: Here's "second" to the question about "any update on a solution for security certificates?"

Cheers, Allen.

Friday, February 14, 2020 at 11:24 AM - Response #13

“To see this, select Edit Site Pages. Now pick a page and Click Preview. Notice that the upper link in browser is now Secure. Exact same page.

IOW, if you can see your pages in Preview, your site is good to go.”

Jack, in Preview, everything on our website is Secure in Preview, Does this mean our site is Secure? Or does this mean CC should have an easy fix?
Thank you, Jack, for taking time to educate us!

Edited 02/14/20 11:28 AM
Friday, February 14, 2020 at 1:13 PM - Response #14

Thanks. I also got educated in reviewing the details. Especially with the script that worked perfectly, except that I did not realize I had two cookies (one for the Domain and one for classcreator https) active. With the newer restrictions coming, this issue is becoming urgent vs just something that will not affect our sites.

CC should have a relatively "easy fix". Right now when you use your Domain name to login, CC changes to the secure CC URL and then after you finish, it changes back to your Domain name. Which of course is not secure.

Sites that do NOT have a domain name get the default raw CC URL which is easily made https, even without CC doing anything, by the little script I wrote. If I started today, I would never get a Domain name Wink There are other ways but involved shelling out a few $$$ with another ISP.

The edit "Preview" is just to show that all your pages show as "secure".

What is interesting is that most pages that are not content related are now https. So that was a step towards security. They did forget a few Smile The login one being the most serious forgotten one.

Friday, February 14, 2020 at 4:00 PM - Response #15

“With the newer restrictions coming, this issue is becoming urgent vs just something that will not affect our sites.”

CC- Because this is urgent, CC plesse advise your solution to make my class website Secure. As an administrator, my clsssmates depend on me to provide them with an easy to access website.
Is anyone from tech support reading these comments?

Edited 02/14/20 4:04 PM
Saturday, March 7, 2020 at 8:20 AM - Response #16

This has become a big issue for me with classmates. When can we expect it to be resolved. I worked so hard to get classmates to use our site. I don't want to lose them now. I think it would be reasonable to expect a response from CC as to the target date for fix. Thanks.

Saturday, March 7, 2020 at 8:54 AM - Response #17

“The changes will take effect on March 31, 2020, and they won’t impact the way you use Google services.”

Unfortunately. there are two threads discussing the same topic.

I agree with Camille.
The google deadline to be security compliant is March 31. 2020 — that’s in 24 days. Jessica stated “We will be sending out a notice regarding the beta soon.”
My questions are: will CC install and what’s the date?
Thank you.

Edited 03/07/20 12:26 PM
Tuesday, March 10, 2020 at 8:06 PM - Response #18

CC if you are monitoring. Silence is unnerving.

Friday, March 13, 2020 at 1:23 PM - Response #19

I just signed on to my site and did NOT see the "not secure" designation. Does that mean it is fixed?

Friday, March 13, 2020 at 1:32 PM - Response #20

Our website still shows insecure

Friday, March 13, 2020 at 1:33 PM - Response #21

No change. Could be Safari doesn't show that yet?

Friday, March 13, 2020 at 1:35 PM - Response #22

OK Thanks.

Sunday, March 15, 2020 at 8:23 PM - Response #23

Something appears to have changed. The logon page is now showing as "Not Secure" in Chrome. Haven't tried with any other browser.

Sunday, March 15, 2020 at 9:04 PM - Response #24

Been that way for some time. You must not have updated browser lately..

Sunday, March 15, 2020 at 9:30 PM - Response #25

Are you talking about the "head" login option? That's a BUG by CC and has also been reported starting in Nov 2019 here

Sunday, March 15, 2020 at 9:49 PM - Response #26
Not Secure and Secure.jpg

Jack Vermeulen wrote:

Are you talking about the "head" login option? That's a BUG by CC and has also been reported starting in Nov 2019 here

No, I'm not. And the unusual thing is that other CC sites I access that do not use the Responsive Design still show the logon page as being secure. All in Chrome.

Edited 03/15/20 9:55 PM
Sunday, March 15, 2020 at 10:32 PM - Response #27

Weird. Yes your site is screwed up (no offense) even with FF. No change for my site (RD). Except for the 'head' bug it's all https for login protected pages. [Edit see next post, think I discovered the reason.]

Checked a few other RD sites and they also are https for login. Like this one

FWIW, sites like yours without a domain can be https with the script I made. That's what this SITE is using that script

Edit: However, you still need to make sure all images used are HTTPS to avoid the not-secure flag.

Edited 03/15/20 10:44 PM
Sunday, March 15, 2020 at 10:43 PM - Response #28

OK, think I figured it out. The problem is that IMAGES are not HTTPS and Chrome/FF started complaining about pages without secure IMAGES. I kid you not. That is what I noted about a month ago. These ongoing changes are going to cause all sorts of issues.

The only way you can fix that ATM is to make your images fully qualified as rest of link

Forgot to mention: It comprises the BOTTOM images there which I do not think you can touch since CC made it fully qualified - CC needs to FIX that.Idea

This is just one of them

Edited 03/15/20 10:59 PM
Sunday, March 15, 2020 at 11:10 PM - Response #29

It's got to be something else. I've taken all content except for some CC stuff off the home page and it's still Not Secure.

Sunday, March 15, 2020 at 11:22 PM - Response #30

I talking about the images on the BOTTOM. Those are still there. Copy and paste the link I gave an you can see what I'm referring to.

This is just ONE of all of those

However, even if that is fixed (I manually played with it), pretty sure there's a link in there that is http that Chrome and FF are complaining about. You can't touch all of the code there.

Since other sites that are working normally, it has to be some http resource that is triggering "not secure". CSS references will also trigger that warning now.

If you go to the Scripts site you can see that it works (except I also have some http images on one page that I still need to fix myself).

Edited 03/15/20 11:28 PM
Sunday, March 15, 2020 at 11:48 PM - Response #31
not working.JPG

Jack Vermeulen wrote:

See if this works

Nope, got the attached when I clicked on the link.

Monday, March 16, 2020 at 12:04 AM - Response #32

It's just a screenshot of the BOTTOM of your page showing you the images there that are HTTP. Just copy and past the link I gave so you can see one of them. It was to show you the images I'm referring to.

Your browser probably has to be configured to download PNG. I had to make mine use FF. Wish CC let you just paste an image here - that's never going to happen Cool

Monday, March 16, 2020 at 12:09 AM - Response #33

I re-read response 32 went to the link and saw the pictures to which you're referring. Have restored home page content and going to sign off for now. Thanks for all your input.

Monday, March 16, 2020 at 9:44 AM - Response #34

Thank you.
Our website today now appears to be Secure if using Chrome. If using Safari our site still says Insecure. I have not received any of the new updated comments. I logged on to see what’s going on.
Question: is our website Insecure or Secure?

Edited 03/16/20 12:23 PM
Monday, March 16, 2020 at 12:37 PM - Response #35

Vicky's site, she started this thread, experiences the same issue as mine, i.e. Not Secure logon page.

Edited 03/16/20 12:38 PM
Monday, March 16, 2020 at 2:28 PM - Response #36

Vicky's site has this image that is not secure on the bottom of the page for Sign In, the FB one. It's another one CC has to fix by removing the fully qualified "http".

ANY image that is fully qualified that does not have https will flag a page as not secure.

Edited 03/16/20 2:28 PM
Monday, March 16, 2020 at 2:56 PM - Response #37

FYI Vicky's other site is fine with the login. Also an RD site.

So to emphasize, if there are ANY images that are not https, the signin will show not secure. Some of them you can fix, like the FB image. Other images that are not set by you, you need to remove for a bit - if it bothers you. IMO, that someone would use an insecure image on one of our sites is pretty remote. Unless you are some sort of James Bond character Twisted Evil

Edited 03/16/20 2:57 PM
Monday, March 16, 2020 at 6:18 PM - Response #38

Thank you!
Will look into it late tonight. We don’t use FB. How to know if an image is HTTPS?
We have hundreds of photos - if I don’t remove certain photos by March 31, can our website function as usual?

Edited 09/12/20 4:06 PM
Monday, March 16, 2020 at 6:38 PM - Response #39

Jack Vermeulen wrote:

So to emphasize, if there are ANY images that are not https, the signin will show not secure. Some of them you can fix, like the FB image. Other images that are not set by you, you need to remove for a bit - if it bothers you. IMO, that someone would use an insecure image on one of our sites is pretty remote. Unless you are some sort of James Bond character Twisted Evil

Not concerned at all. Was just pointing out what seemed to me a change in how the logon page was being treated. I'm sure that when CC initially made the change that it showed as secure and now it doesn't. Per your explanation it would appear that the cause is browsers treating images differently now than they did a while ago.

Monday, March 16, 2020 at 6:43 PM - Response #40

Sites will still work, it's just that the sign-in will show "not secure" if there's an image there that is http.

The idea is that when CC eventually gets around to giving all sites https ability (one is extremely easy to do - the one I proposed), your site will be all ready for that. Most images will automatically be good if one just used the Editor to create the images. One manually entered using http (or the ones that CC did not create properly) need to be fixed.

The simple way to see if you have any images that are not https it to go to Edit Site pages and click Preview. If it shows the "lock" everything is fine. If not, then something on the page needs to be fixed. That is not always an image. Scripts and CSS stuff may also need to be fixed .. pretty rare too, except that History has that problem Rolling Eyes.

Monday, March 16, 2020 at 6:50 PM - Response #41

F C Bock wrote:

Per your explanation it would appear that the cause is browsers treating images differently now than they did a while ago.

Yes. Chrome announced that change a few months ago. I suspect though that eventually they will BLOCK mixed resources. That is already being done for CC History pages by Chrome, Firefox and Opera. The videos in History do NOT show. [If you make the page https in Chrome it works but not for FF or Opera Smile ]

IOW, this is being done in steps to give sites the chance to adjust. The same way that Flash got disabled. Some CC Flash based features no longer work.

Edited 03/16/20 6:57 PM
Monday, March 23, 2020 at 3:13 PM - Response #42

Can anyone reassure if I do nothing, our website remains as it is today.

Hoping all remain safe & healthy

Monday, March 23, 2020 at 3:38 PM - Response #43

You won't have to do anything more. We will have options soon for those who want to secure using their own domain as well.

In the meantime the March 31st deadline item related to securing downloads has been addressed. We have secured all document downloads across the entire network of sites using our secure ID. That was the item Jack posted originally and it is done so nothing new will be affected as of that date.

Monday, March 23, 2020 at 3:46 PM - Response #44

Thank you Jessica. Prefer to keep our domain.
Will await options.

Edited 03/23/20 3:49 PM
Friday, August 28, 2020 at 4:55 PM - Response #45

We’re keeping our domain - how do I proceed with Security
Certificates? Or will CC take care of this since we bought our domain name thru CC?

Sunday, August 30, 2020 at 8:46 AM - Response #46

I am wondering too when the the site will be listed as secure. Even this thread comes up as Non secure. Also, postings to my site still are continually duplicated so I have to go in and delete each time a classmate posts anything.

Sunday, August 30, 2020 at 6:08 PM - Response #47

Class Creator (CC) has mentioned in previous threads that the options for securing our sites, both paid and free, will be available once the post-migration items are resolved. I think we just have to wait until the duplicate/truncated posts issue, and any other issues are resolved, and then CC will present the options.

Edited 08/30/20 6:56 PM
Sunday, August 30, 2020 at 7:33 PM - Response #48

Secure stuff should have nothing at all to do with the dup posts. Either there was a mistake made in the original code OR there's a mistake in the updated Cold Fusion regards "dup" issue. Or there's a timing issue with a "faster" host that is triggering the problem at odd times (meaning the "bug" was always there). Not the first time I've seen that sort of problem.

CC needs to get pro-active and EXPLAIN what is going on.

Turn on the "secure" option and at least give users something to be happy about out of this move (90 days ago) to a new host that so far is not so great.

Saturday, December 12, 2020 at 4:01 AM - Response #49

It's now mid-December 2020 and our classmates are still seeing "Not Secure" in their browsers for our reunion website.

Is the certificate problem *still* on hold pending resolution of other post-migration issues???

New Topic  
Subscription Options: Have all new forum posts sent directly to your email.
Subscription options are available after you log in.