A former client wrote into me today with this puzzle, and I thought I’d share it in case it’s useful to anyone else:
Hello Hunter, A while ago you updated my WordPress website. I noticed that when I go to my blog (diannej.com/b/), I see that the connections suddenly show as “Not Secure.” However, when I go to just diannej.com, it does show as secure. I have paid for an SSL certificate which should cover the whole site, but does not appear to be doing that. Any ideas why? Owen said he went to Siteground to get help, but they no longer seem to have a ticket desk for problems. Thanks for any assistance you can offer.
Yes, absolutely! Happy to advise. Bummer that Siteground is so unhelpful!
Ok, so here’s the deal about http versus https, in layman’s terms:
https sites have their identity confirmed. It’s like Anne Hathaway being carded to confirm she’s really her and not just an absurdly good look-alike trying to get free drinks at the exclusive club.
Why does this matter? You’ve heard of phishing, right? When a site poses as another site to steal your password or credit card information? Right? Good. So, this poser phishing site, it can look the same, even down to the url in the address bar, thanks to super sneaky technology. This is like being an Anne Hathaway lookalike who actually changes her name to “Anne Hathaway” to fool more unsuspecting bouncers. https is our defense mechanism against this, a technical way to confirm the identity of the site you’re visiting to ensure it’s the real deal.
But my site doesn’t even take credit cards! Why should I pay for a security certificate when I don’t ask for sensitive information?!