Mixed content or Site not secure?
Have you ever seen a "Site not secure" or "mixed content" alert message?
You may have noticed that the little "site not secure" message is coming up a bit more than it used to, or that the "mixed content" message appears when you're browsing websites.
I read an article this morning announcing the near changes in Google Chrome secure browsing (link below), and thought to share it here today.
First, what is "mixed content," and why do we sometimes see it here with our own WA sites?
Mixed Content: In short, it's when both HTTP and HTTPS content is loaded to display the same page.
But My Site SSL is Turned ON
I hear you...
How can this happen if the Site SSL is turned on?
The most common occurrence is through the use of supporting resources such as images and videos.
When you turn your Site SSL on, then you are ensuring that your written content is delivered to your Users over a secure HTTPS connection. But, sometimes, when you add images and videos, they are loaded over an HTTP connection, thus causing a "mixed content" message.
Why Does it Matter?
When Users visit a HTTPS website, they expect that they are connecting to a secure site, and each browser wants to ensure that is the case. So the browser will throw a red flag, so to speak, when the content is mixed.
A"mixed content" warning is issued to Users as a precaution that the page they are viewing contains some insecure content.
Usually, if it's a warning, it's due to an image or video, and the browser has decided to display it anyway along with an alert.
There are other types of mixed content that are blocked due to possible malicious intent.
So, you can understand why a browser would display these messages. They want to provide safe content to Users.
How to Use Safe Supporting Resources
1) Use Images Provided Inside of WA
- When you click on the Image button on the toolbar to use an image from the WA library, these images have already been secured and optimized. To double check if they are a HTTPS source, do this:
- Click on the Image button to add image
- Add image to your blog post
- Right click the image
- Select "inspect," and when the code appears, the img tag should be highlighted with the src="https..."
2) Check Outside Images Before You Use Them
- Find free images from reputable sources such as Pixabay, Pexels, Unsplash, etc, and when you download the png or jpg file to your device, then upload it to your content, you shouldn't have any issues.
- When you hover over an image on a stock site, the URL will usually display at the bottom of your screen. You should see that it is a HTTPS link.
- You can "Inspect" any of them following the easy steps above to double check.
- Be Careful with images or videos from other websites (if you're even allowed to use them). Make sure you follow safe <embed> processes when adding video to your site.
- There are several helpful videos right here in the WA smart search bar's database that show how to embed a video (from YouTube for example) into your content. Here's one example from Kyle: Embed a YouTube Video
Browser Preferences and Chrome News
Different browsers respond differently to mixed content, and their behavior is always changing.
Google Chrome has been on a mission to demand HTTPS content only for a while now. There have been news updates for years, and this morning I saw this article:
In doing a search, I then found several articles in the past week with info in regards to Google Chrome changes. Here's another:
Two excerpts copied from searchenginejournal:
"Currently Google loads pages with mixed content. Beginning in December 2019 with the introduction of Chrome 79, Google will do two things:
- Google will automatically upgrade http content to https if that resource exists on https.
- Google will introduce a toggle that a Chrome user can use to unblock insecure resources that Chrome is blocking."
"Beginning in January 2020 Google will remove the unblocking option and begin blocking mixed content web pages."
It's a good easy read. That explains (if you've happened to notice) why we are seeing more mixed content alerts and blocks.
How Will This Affect Us?
Really, if we are using the resources here at WA, and practicing safe website building, it shouldn't affect us much in a building capacity, but as Users, I think we'll be seeing a few more alerts in the months to come.
Thoughts or more info to share? Please share or comment below!