The significant increase in the last years of those who use the Internet in recent years, has automatically led to a greater interest from the evil intended people, to exploit this virtual environment. Daily there are hundreds of thousands of computer attacks At the global level, and the attackers do not take into account if the objectives concerned are public, military, companies or simple internet users. Any information, from the data of a bank card to a social network account or personal documents, can be used.
In the case of simple users (home users), PC infection is done in most cases in negligence to them. Either opened in Virus message received by email, a Hack application or have accessed Unsecured web pages.
Since the end of 2017, Firefox It started to warn users When accessing a page HTTP. Chrome came up with an almost similar update, and Google repeatedly urged the webmasters (web site creators) to move on to the protocol HTTPS.
HTTP, HTTPS si Mixed Content
Currently, when you access a web page, there are two types through which the connection is made between your PC and the host server of the accessed web page. These connections can be HTTPS or HTTP. The HTTPS connection involves an SSL certificate to which the host server responds, and the connection between PC and the server is secured / encrypted. Thus, the confidential data of the user and the integrity of the operating system are protected at the time of the interaction with the web page. Identify these secure websites very simply, if you look up at the address bar and see a lock next to the web address.
When accessing a web page with HTTP, the transfer of data, content, between your PC and the host server will be made unsecured and third interactions may occur. Google Chrome Currently warns users with “Not Secure” in front of the unsecured web address.
Besides HTTP and HTTPS there is a third type of content. “Mixed Content“.
What is the mixed content and what are the risks to access a page with mixed content?
“Mixed Content” it is when A web page has a secure protocol https, but in the content there are third parties from an uncertain source, http. These elements can be images, Java scripts, CSS or even authentication sessions. Through these unsecured elements, the attackers can take over the total control of the web page. Including the other elements, which come from the safe source, https.
Unsecured sources from a web page with https can be easily identified from the page source code. It is enough to use a “find” with “http://” to identify these sources.
To “mixed content” It is also concise if a HTTP web address, it hosts sources (image, audio, video, iframe, java script, CSS, etc.) https. This page will not be considered safe either, and Google Chrome will notify users of this. Moreover, starting with January 2020, this warning will be more aggressive, and the owners of the web pages that do not comply to eliminate mixed content, risk losing organic traffic. Currently, Google Chrome blocks the scripts and Iframes from the mixed content, but these limitations will extend to the media content. Images, video and audio.
Firefox has long integrated a warning system when a mixed content is accessed. The lacquer with the exclamation sign tells us that the web address although it is https, contains non-HTTPS that can affect users.
“Part of this pages are not secure (such as images)”.
“Mixed Content” and “NON-HTTPS” There must be no scarecrows. It does not mean that if you access a web page No encrypted connection, immediately follows to vi If you do personal dates. At these risks you are real when you access a HTTP web page on a public WiFi network. WiFi networks from malls, parks, airports, restaurants or other public locations with internet. It is not recommended to shop online or access sensitive accounts on these public networks. A public network WiFi in combination with a non-HTTS web address may be a major problem for your data.
Those who want to move a blog from http to https and escape from “Mixed Content”, I can follow this tutorial:How we move a blog or website WordPress from http to https.
