• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Chrome 'Not secure' marker for 2017. Have you moved to HTTPS or will you be doing so anytime soon?

CTXMedia

Formerly CyclingTribe
#1
Like many people, I got an email from Google today to say that from Jan 2017 they are going to mark pages with login forms as not secure if they are not served over https.

This means pretty much every page that is viewed by a guest (since the login link/form is at the top of most pages).

I have so far resisted moving my sites to https as my understanding has been that Adsense revenues drop because of a lack of https ads in the auctions, but this may have changed in revent months?

Have any of you recently moved to https? What has been the impact on page views (did they increase as a result of better rankings) and Adsense revenue (no figures, just - no change / decrease / increase)?

Cheers,
Shaun :D

upload_2016-12-28_1-26-23.png
 
#3
HTTP/2 was a good choice for my forum, which required the implementation of https. I don't imply any degree of security, using an Lets Encrypt certificate, but it hasn't negatively impacted revenue.

Some users did have difficulty on older devices, but imagine that would be less of an issue going into 2017.
 

viper357

Active member
#6
Have any of you recently moved to https? What has been the impact on page views (did they increase as a result of better rankings) and Adsense revenue (no figures, just - no change / decrease / increase)?
I had the exact same concerns as you, I changed to https on the 19th November and looking at Google Analytics I see no decline in page views, they actually increased for the first 2 weeks after https was installed, just before the annual December slowdown started (my forums go very quiet every year over the December holiday season). With regards to adsense, that's been pretty much constant as well, neither up nor down, I check it every day and the figures are still averaging about the same. And I don't know if it's my imagination or not but I'm pretty sure my forums load a bit faster as well, but I didn't measure that so not too sure.
 

CTXMedia

Formerly CyclingTribe
#11
Thanks - I don't do any ecommerce so it looks like the Comodo PositiveSSL certificate (domain validation) will be sufficient for each site, and the price is very affordable.

So what happens to old links and images and signature images that don't use https - will that bring up a mixed-contnet browser warning?

And do you just update your Adsense code to use https to convert them?
 

RoldanLT

Well-known member
#12
Code:
UPDATE xf_conversation_message SET message = REPLACE(message,'http://www.domain.com','https://www.domain.com');

UPDATE xf_user_profile SET signature = REPLACE(signature,'http://www.domain.com','https://www.domain.com');

UPDATE xf_post SET message = REPLACE(message,'http://www.domain.com','https://www.domain.com');

UPDATE xf_profile_post SET message = REPLACE(message,'http://www.domain.com','https://www.domain.com');

UPDATE xf_profile_post_comment SET message = REPLACE(message,'http://www.domain.com','https://www.domain.com');
 

CTXMedia

Formerly CyclingTribe
#13
Thanks. As a test I've bought and installed a certificate for my cycling blogzine (www.cyclingjunkies.com). Redirects appear to be working okay, I've updated Google Search Console / Google Analytics, and appear to be getting a green padlock on all pages - anyone know what I should apply in Cloudflare's Crypto settings to show the site domain in the certificate details [currently shows cloudflare's domain]?
 

Pierce

Well-known member
#14
Thanks. As a test I've bought and installed a certificate for my cycling blogzine (www.cyclingjunkies.com). Redirects appear to be working okay, I've updated Google Search Console / Google Analytics, and appear to be getting a green padlock on all pages - anyone know what I should apply in Cloudflare's Crypto settings to show the site domain in the certificate details [currently shows cloudflare's domain]?
Ah you need a business account for that.

Technically speaking any cert even a self signed would be fine.

Cloudflare also gives you a cert to use... See attached screenshot under crypto
 

Attachments

Brent W

Well-known member
#15
We are waiting on our advertising company to iron out a last few issues before we switch our largest site. All of our other sites are already on https.
 

CTXMedia

Formerly CyclingTribe
#16
So far so good on the two blogzines ... (y)

Do you have to enable image and link proxying once you move to https? Is there a general guide or walk-through for things to look out for and change when converting to https?
 

Brent W

Well-known member
#17
So far so good on the two blogzines ... (y)

Do you have to enable image and link proxying once you move to https? Is there a general guide or walk-through for things to look out for and change when converting to https?
Link proxy isn't required but Image Proxy is. Basically just make sure you haven't hard coded any images/css/javascript files to http and adjust the board url setting.
 

CTXMedia

Formerly CyclingTribe
#18
Sounds relatively simple - I've set everything up on the server, just need to flip it once I've advised the membership.

I've also just noticed that to get a certificate with the site domain as the CN in Cloudflare, you've got to get a dedicated CF cert @ $5 per month; something that I might consider just to neaten it all off.
 

Brent W

Well-known member
#19
I've also just noticed that to get a certificate with the site domain as the CN in Cloudflare, you've got to get a dedicated CF cert @ $5 per month; something that I might consider just to neaten it all off.
Yes we do that for our largest site, though the HTTPS is only active on a subdomain right now.
 

Pierce

Well-known member
#20
Sounds relatively simple - I've set everything up on the server, just need to flip it once I've advised the membership.

I've also just noticed that to get a certificate with the site domain as the CN in Cloudflare, you've got to get a dedicated CF cert @ $5 per month; something that I might consider just to neaten it all off.
I seen it when I posted it to you.

I don't know if its any more valid than a normal CF cert.