Firefox insecure password sign in Joomla/VirtueMart

Started by andrai2, February 09, 2017, 09:51:27 AM

andrai2

Hello!

Recently I have noticed one thing: if you open a site, for example http://demo.virtuemart.net/, in Firefox, in the left corner you have an insecure password sign. Basically it is not such good marketing.

I know it is not a direct VirtueMart issue; I read the Firefox statement at https://support.mozilla.org/t5/Protect-your-privacy/Insecure-password-warning-in-Firefox/ta-p/27861

As I am googling around, I want to ask: maybe there is some tutorial on how to avoid this sign in Firefox in Joomla/VirtueMart using HTTPS? As I have not done this, maybe there are some extensions, or do I have to go to my host and have SSL implemented?

Thank you!

lindapowers

You should check in Google Chrome, it is even worse.

Yes, ask for SSL.

Ghost

First you need an SSL certificate. Once you have that set up, force HTTPS in Joomla configuration or in .htaccess.

VirtueMart sites do support HTTPS, but it's not forced. E.g., you can enter https://demo.virtuemart.net/ manually.

jenkinhill

Google has stated that Chrome, which already flags up pages with a login that do not run under SSL, will, possibly later this year, show a security warning in the browser address bar for any web page that does not run under SSL. So the best approach is to get a certificate installed and to run the entire site under SSL.
Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

andrai2

Thanks for the answers! This is good, https://demo.virtuemart.net/ is what I need.

My steps are:

1. Contacted the server, asked for SSL - they said they will
2. In Joomla admin checked - servers - force SSL - entire site

Let's see what will happen.

P.S. As I thought SSL was only for payment methods, not obligatory, I panicked a little bit; I will implement it in other VM sites to not have this warning.

AH

"In Joomla admin checked - servers - force SSL - entire site"

I would force using .htaccess rather than depending on Joomla settings.

Be careful of any links that you may have coded in text etc. - they should really be relative and not contain HTTP://, otherwise you will get a browser warning.
Regards
A

Joomla 3.10.11
php 8.0
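
The two browser warnings discussed in this thread (a password field on a page served over plain HTTP, and hard-coded http:// references left on an HTTPS page) can be checked for with a short script. This is an added example, not part of any post; `shop.example`, `cdn.example` and the sample markup are constructed for illustration.

```python
# Added example: audit one HTML page for the two problems raised in this thread.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute triggers a fetch or a form submission.
URL_ATTRS = {"img": "src", "script": "src", "iframe": "src", "form": "action"}

class PageAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.insecure_refs = []          # (tag, absolute URL) pairs resolving to http://
        self.has_password_field = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password_field = True
        attr = URL_ATTRS.get(tag)
        if attr and attrs.get(attr):
            # Relative and protocol-relative URLs inherit the page's scheme,
            # which is why relative links survive a move to HTTPS.
            absolute = urljoin(self.page_url, attrs[attr])
            if urlsplit(absolute).scheme == "http":
                self.insecure_refs.append((tag, absolute))

def audit(page_url, html):
    parser = PageAudit(page_url)
    parser.feed(html)
    parser.close()
    page_is_http = urlsplit(page_url).scheme == "http"
    return {
        # Condition behind the insecure password sign: login form on an HTTP page.
        "password_over_http": parser.has_password_field and page_is_http,
        "insecure_refs": parser.insecure_refs,
    }

# Constructed sample markup, not taken from any real site.
SAMPLE = """
<form action="/index.php" method="post">
  <input type="text" name="username"><input type="password" name="password">
</form>
<img src="http://shop.example/images/banner.jpg">
<img src="/images/logo.png">
<script src="//cdn.example/lib.js"></script>
"""

if __name__ == "__main__":
    for url in ("http://shop.example/", "https://shop.example/"):
        print(url, audit(url, SAMPLE))
```

Served over HTTPS, the sample page leaves only the hard-coded `http://` image flagged; the relative and protocol-relative references follow the page's scheme.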

aftertaf

On the topic of certificates, any quick tips on which authority to use? I tried CACert back in j1.5/vm1.x days but as it wasn't in any browser's certificate store there was still a warning... Just trying to save time by asking what you people recommend...😀

Edit: I think I'll try this out...
https://letsencrypt.org/isrg/

lindapowers

Let's Encrypt is decent, I'll say, but I remember Stan (Rupostel) told me we should use an SSL2 or 3, can't remember :)

The main issue with Let's Encrypt is that it is not set by dedicated IP and some payments don't like that.
It caused a concrete payment for credit cards to not update the order status in VM.
We had to change the plugin response to http via .htaccess but well... it is free and does the job.

jenkinhill

If you are on a server with a recent version of cPanel then you may have AutoSSL free hostname SSL available (depending on the host), e.g. see https://blog.cpanel.com/the-cpanel-market-provider-and-free-hostname-ssls/

Not being crowd funded this may be preferable to Let's Encrypt, but is still not dependent on using a dedicated IP address. Ideally use Comodo or similar to provide an Extended Validation (EV) SSL certificate.
Kelvyn
Lowestoft, Suffolk, UK


aftertaf

I am on a dedicated VM reachable by port forwarding on a static IP.
Set up for me by a Linux guru friend... so not cPanel or shared hosting.

AH

Quote: "I am on a dedicated VM reachable by port forwarding on a static IP.
Set up for me by a Linux guru friend... so not cPanel or shared hosting."

Then get him to install the certbot Let's Encrypt application.

When using Let's Encrypt, make sure you run a cron job as suggested, because the certificate needs renewing every 3 months.

If your site is new and you want HTTPS for everything (using a LAMP stack) on your server, force HTTPS in the site .conf file and not in .htaccess.
Regards
A

aftertaf

Thank you for the tips, I'll be sure to do what you say ;) Cheers again!!