Author Topic: FireFox insecure pasword sign in joomla/virtuemart  (Read 1559 times)

andrai2

  • Jr. Member
  • **
  • Posts: 79
FireFox insecure pasword sign in joomla/virtuemart
« on: February 09, 2017, 09:51:27 am »
Hello!

Recently i have noticed one thing if you open site - probably spam -ample http://demo.virtuemart.net/ in firefox in left corener you have insecure paword sign, basicly it is not so good marketing

I now it is not virtuemart direct issue, i read the fire fox statement as https://support.mozilla.org/t5/Protect-your-privacy/Insecure-password-warning-in-Firefox/ta-p/27861

As i am google around i want to ask maybe there is some turtorial have to avoid this sign in firefox in joomla virtuemart using https, as have not done this maybe there is some extensions or have to go to my host and have ssl implement

Thank you!

lindapowers

  • Full Member
  • ***
  • Posts: 1335
  • If you're going through hell, keep going.
    • Venta de naranjas online y mandarinas
  • Skype Name: manu.gonzalez91
  • VirtueMart Version: Latest avi
Re: FireFox insecure pasword sign in joomla/virtuemart
« Reply #1 on: February 09, 2017, 10:14:00 am »
You should check in google chrome, is even worst.

Yes ask for SSL

Ghost

  • Jr. Member
  • **
  • Posts: 419
Re: FireFox insecure pasword sign in joomla/virtuemart
« Reply #2 on: February 09, 2017, 12:05:16 pm »
First you need an SSL certificate. Once you have that setup, force HTTPS in Joomla configuration or in .htaccess.

VirtueMart sites do support HTTPS, but it's not forced. E.g., you can enter https://demo.virtuemart.net/ manually.

jenkinhill

  • UK Web Developer & Consultant
  • Global Moderator
  • Super Hero
  • *
  • Posts: 27570
  • Always on vacation
    • Jenkin Hill Internet
Re: FireFox insecure pasword sign in joomla/virtuemart
« Reply #3 on: February 09, 2017, 12:23:41 pm »
Google has stated that Chrome, which already flags up pages with a login that do not run under SSL will, possibly later this year, show a security warning in the browser address bar for any web page that does not run under SSL. So the best approach is to get a certificate installed and to run the entire site under SSL.
Kelvyn

Jenkin Hill Internet,
Lowestoft, Suffolk, UK

Unsolicited PMs/emails will be ignored.

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

Currently using VM 3.6.8.10197 on Joomla 3.9.13 PHP 7.0.33

andrai2

  • Jr. Member
  • **
  • Posts: 79
Re: FireFox insecure pasword sign in joomla/virtuemart
« Reply #4 on: February 09, 2017, 12:30:12 pm »
Thanks for answers! This is good  https://demo.virtuemart.net/ what i need

my steps are

1. Cotact server asked for ssl - they said they will
2. In joomla admin cheked- servers - force sll-entire site

lets see whats will happen

p.s. as i thought ssl where only for payment methods, not obligated, panic a little bit, will impliment in other vm sites to not have this warning

AH

  • Global Moderator
  • Sr. Member
  • *
  • Posts: 3014
  • VirtueMart Version: 3.6.3
Re: FireFox insecure pasword sign in joomla/virtuemart
« Reply #5 on: February 09, 2017, 12:56:07 pm »
" In joomla admin cheked- servers - force sll-entire site"


I would force using .htaccess rather than depending on joomla settings

Be careful of any links that you may have coded in text etc - they should really be relative and not contain HTTP://  otherwise you will get a browser warning
regards
A

Joomla 3.9.12
php 7.2

aftertaf

  • Jr. Member
  • **
  • Posts: 205
    • sO couture
  • VirtueMart Version: 3.2.14
Re: FireFox insecure pasword sign in joomla/virtuemart
« Reply #6 on: March 10, 2017, 22:22:37 pm »
On the topic of certificates, any quick tips on which authority to use? I tried CACert back in j1.5/vm1.x days but as it wasn't in any browser certificates store there was still a warning... Just trying to save time by asking what you people recommend...😀

Edit: I think I'll try this out...
https://letsencrypt.org/isrg/
Webmaster for my wife (link in my profile ;)
Extensions / plugins : POSForWebshops, TemplatecreatorCK ,MaximenuCK, and PageBuilderCK, VM BatchEdit Pro, VM CustomFilters Pro, Awocoupon Pro, slogin, supersaas,  among other things...
Joomla! 3.8.6//VM 3.2.14//PHP7.0.18 & mariadb 10.1.22 on Debian
big up to notepad++!!!!

lindapowers

  • Full Member
  • ***
  • Posts: 1335
  • If you're going through hell, keep going.
    • Venta de naranjas online y mandarinas
  • Skype Name: manu.gonzalez91
  • VirtueMart Version: Latest avi
Re: FireFox insecure pasword sign in joomla/virtuemart
« Reply #7 on: March 10, 2017, 23:25:20 pm »
Lets encrypt is decent Ill say but I remember Stan (Rupostel) told me we should use a ssl2 or 3 cant remember :)

The main issue of lets encrypt is that is not set by dedicated IP and some payments dont like that.
It caused a concrete payment for credit cards tnot update the order status in VM.
We had to change the plugin response to http via .htacess but well... is free and does the job.

jenkinhill

  • UK Web Developer & Consultant
  • Global Moderator
  • Super Hero
  • *
  • Posts: 27570
  • Always on vacation
    • Jenkin Hill Internet
Re: FireFox insecure pasword sign in joomla/virtuemart
« Reply #8 on: March 11, 2017, 00:22:21 am »
If you are on a server with a recent version of cPanel then you may have AutoSSL free hostname SSL available (depending on the host).  eg see https://blog.cpanel.com/the-cpanel-market-provider-and-free-hostname-ssls/

Not being crowd funded this may be preferable to Lets Encrypt, but is still not dependant on using a dedicated IP address. Ideally use Comodo or similar to provide an Extended Validation (EV) SSL certificate.
Kelvyn

Jenkin Hill Internet,
Lowestoft, Suffolk, UK

Unsolicited PMs/emails will be ignored.

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

Currently using VM 3.6.8.10197 on Joomla 3.9.13 PHP 7.0.33

aftertaf

  • Jr. Member
  • **
  • Posts: 205
    • sO couture
  • VirtueMart Version: 3.2.14
Re: FireFox insecure pasword sign in joomla/virtuemart
« Reply #9 on: March 11, 2017, 11:23:42 am »
I am on a dedicated vm reachable by port forwarding on a static IP.
Setup for me by a Linux guru friend...so not cpanel or shared hosting
Webmaster for my wife (link in my profile ;)
Extensions / plugins : POSForWebshops, TemplatecreatorCK ,MaximenuCK, and PageBuilderCK, VM BatchEdit Pro, VM CustomFilters Pro, Awocoupon Pro, slogin, supersaas,  among other things...
Joomla! 3.8.6//VM 3.2.14//PHP7.0.18 & mariadb 10.1.22 on Debian
big up to notepad++!!!!

AH

  • Global Moderator
  • Sr. Member
  • *
  • Posts: 3014
  • VirtueMart Version: 3.6.3
Re: FireFox insecure pasword sign in joomla/virtuemart
« Reply #10 on: March 12, 2017, 12:23:02 pm »
Quote
I am on a dedicated vm reachable by port forwarding on a static IP.
Setup for me by a Linux guru friend...so not cpanel or shared hosting

Then get him to install the certbot letsencrypt application

When using letsencrypt make sure you run a cron job as suggested - because the certificate needs renewing every 3 months

If your site is new and and you want https for everything (using a LAMP stack) on your server - force https in the site .conf file and not in .htaccess
regards
A

Joomla 3.9.12
php 7.2

aftertaf

  • Jr. Member
  • **
  • Posts: 205
    • sO couture
  • VirtueMart Version: 3.2.14
Re: FireFox insecure pasword sign in joomla/virtuemart
« Reply #11 on: March 14, 2017, 20:40:31 pm »
thankyou for the tips, i'll be sure to do what you say ;) Cheers again !!
Webmaster for my wife (link in my profile ;)
Extensions / plugins : POSForWebshops, TemplatecreatorCK ,MaximenuCK, and PageBuilderCK, VM BatchEdit Pro, VM CustomFilters Pro, Awocoupon Pro, slogin, supersaas,  among other things...
Joomla! 3.8.6//VM 3.2.14//PHP7.0.18 & mariadb 10.1.22 on Debian
big up to notepad++!!!!