Security and web design
Hi everyone! I didn’t intend to write anything on my blog today, but I came across an issue on a major site. Usually, I ignore web design issues on sites I frequently visit, but a major, well-known web site should not have visible mixed content warnings.
What is mixed content on a web site, and how do you detect it, you might ask? Mixed content occurs when the initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection. Remember to always enable SSL on your website and make sure your web site is only accessed using the secure protocol.
I learned it the hard way, especially when your subscribers are copying and pasting HTML code with an iFrame leading to a non-secured site to embed on their secured website. A big no-no, and your iframed content will just show a blank area.
What is the solution? Change all http:// links or content to https://, or do what I do, which is the same thing YouTube and other sites do when they tell their users to copy the iFrame code for their videos: leave out https:// altogether and provide the embed code in this form: <iframe src="//mycontent.php"></iframe>.
In WordPress, there are plugins that will change all the mixed content automatically for you so you will not have this issue if you are not designing a web site from scratch.
- How do I enable SSL on my site? You need to purchase a secure certificate or enable a free one (renews every 90 days) from your web site hosting provider. (I recommend getting a free one, but if you have a shopping cart and are taking payments, you may need to invest in a proper secure certificate.)
- How can I tell whether my web site or any site I access has mixed content? Please visit Google Developers Blog to learn more about it.
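A quick way to check a page's HTML for mixed content yourself, as an added example that is not part of the original post: it lists every subresource that would load over http:// on an HTTPS page, and shows that the protocol-relative // form inherits https. The page URL, hostnames and sample HTML are constructed, and only tag attributes in static HTML are inspected (assumption: no <base> tag; resources requested by scripts or CSS are not covered).

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute whose URL the browser fetches as a subresource.
SUBRESOURCE_ATTRS = {"img": "src", "script": "src", "iframe": "src", "video": "src", "audio": "src",
                     "source": "src", "embed": "src", "object": "data", "link": "href"}
# <link> only fetches for these rel values; <a href> merely navigates, so it is ignored.
LOADING_RELS = {"stylesheet", "icon", "preload", "modulepreload"}

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line number, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attr = SUBRESOURCE_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        if tag == "link" and not LOADING_RELS & set((attrs.get("rel") or "").lower().split()):
            return
        # Resolve relative and protocol-relative (//host/path) URLs against the page.
        resolved = urljoin(self.page_url, (attrs.get(attr) or "").strip())
        if urlsplit(resolved).scheme == "http":
            self.findings.append((self.getpos()[0], tag, resolved))

def find_mixed_content(page_url, html):
    """Return (line, tag, url) for each http:// subresource on an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content is only defined for pages loaded over HTTPS
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page (hosts are placeholders, not from the post).
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://cdn.example.com/site.css">
<link rel="canonical" href="http://shop.example.com/">
<script src="//cdn.example.com/app.js"></script>
</head><body>
<img src="/img/logo.png">
<a href="http://example.org/">ordinary link</a>
<iframe src="http://embed.example.net/player.php"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_mixed_content("https://shop.example.com/", SAMPLE_HTML):
        print(f"line {line}: <{tag}> loads {url}")
```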
PSA: NEVER ever submit your credit card number on a page that is not fully secure! Check the URL in the address bar and look for a closed lock icon next to it.
Anyways, this post was a bit of a rant about an issue I sometimes see, but it rubs me the wrong way when I see it on multi-million-revenue web sites.