Quick Website Checkup and Security Bar Check: Is Your Site the Way It Should Be?

Quick Website Checkup and Security Bar Check: Is Your Site the Way It Should Be?

SSL has become the preferred way for all sites to be displayed as opposed to only being used for shopping carts and pages where you would enter personal data. For some time, there's been a transition from http to https, and it was a choice mostly based on the intended activities of your website viewers.

Now, the choice should be https only. Modern browsers display all unsecure (http) pages with a message in the bar next to the URL that states "not secure".

Example of non secure page browser bar

Technically, for a photography portfolio, that doesn't matter to your viewers as they aren't likely entering personal information into your website to simply view your work. However, many people don't know what the difference is or why it would matter, and to those folks, seeing a message that reads "not secure" adds a degree of worry. It could cost you customers, even if your site doesn't collect information from visitors, simply based on people's fear of what they don't understand. 

It's a very good idea now to convert your website to only https, which can be done easily via htaccess. Once this is done, the browser bar will look similar to this.

Example of https secure page browser bar message

Adding the following code to your htaccess file will have all viewers seeing the SSL version (provided an SSL certificate is installed on your server):

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

For those of you that still use hosted web templates, you may need to contact your provider or check your dashboard settings as there may be an option for this.

An important thing to note for those of you that have sites hosted with these various platforms is that most likely, you will be viewing your site while you are logged into your admin panel, which will be secure already. You will need to either log out and then view your site or simply use a private or incognito browser window to make sure you can see it how customers will.

Lead Image by picjumbo via Pexels, used under Creative Commons.

Bill Larkin's picture

Bill is an automotive and fashion inspired photographer in Reno, NV. Bill specializes in photography workflow and website optimization, with an extensive background in design and programming.

Log in or register to post comments
8 Comments

A lot more to it than that...Step1, buy certificate (they are not all the same). Step2, generate a csr, certificate signing request. Step3, submit csr to domain regristrar. Step4, once approved, download certificate. Step5, install certificate on server. Step6, force https redirection via the code above in .htaccess or in apache .conf file.

Most shared hosting platforms have various forms of SSL certs already installed. The three I work with for all my web clients, all already have SSL ready.

Mine didn't until I paid for a "pro" hosting account (dedicated IP, faster speeds, etc.), which came with 1 free SSL. I had to go in and activate it and then make my site work with it. A bit over my head for not being a web guy, but made it work.

PS... SSL has nothing to do with site security, its more for traffic security. For site security do things like: update wordpress, change default sql password, harden server (for cloud hosting), restrict permissions to rx only, check for php/sql injection on web forms, check for directory traversal, check for apache leaks, xss, etc. And dont use Nikon1! as your password.

The primary objective here isn't about what's secure and how that works, but rather to let photographers know that this is a thing, and they should make the appropriate change. So that their potential customers aren't confused by a "Not Secure" message in their address bar.

Yes, the full details are more complex, most photographers aren't interested in that, just in customer confidence.

The not secure message is Google stepping in to protect people because site owners wont, or as you say are not interested enough to try. It kinda sounds like you might be suggesting to just do the bare minimum to avoid the message, but site owners owe it to their customers to do this the right way. Part of running a site these days is being responsible for things like this. Photographers might not be interested in basic cybersecurity and/or digital hygiene, and if so, the responsible thing to do is to not collect customer data and to stay away from online commerce.

This is why I like https://letsencrypt.org/ free SSL for everyone. I'm not selling nor protecting anything so it works for me :)

Yes, any method that will remove that "Not Secure" message is all that really matters to most photographers.