Saturday, October 14, 2017

Putting the Top Together and Switching to HTTPS on Blogger

Another week, another disaster. This time California wildfires. My brother helped with some in Colorado earlier this year. There are opportunities for each of us to help somewhere. This planet is our only home; everyone is a neighbor.

I moved the blocks to the design wall as I sewed the diagonals. Arranging blocks in front of the oven won't work two days in a row. ;-)

Blocks sewn and transferred to the design wall

Switch to HTTPS

As we use technology we need to keep our hardware and software as secure as possible. Fantastic programmers are constantly finding solutions to weaknesses in the system. They report how to plug those holes. With phones, tablets, and computers it's frequently added to the system updates but we still have to push the button. Not to update is like refusing to wear your seatbelt.

We are all aware of the recent Equifax hack that stole millions of records. Current reports suggest hackers got in because Equifax failed to update a security patch for over a month. Through the years bloggers have been hacked; their links suddenly point to porn sites or their entire site sends you to a scam page instead. Fortunately there's an easy fix if you use Blogger. Simply switch to HTTPS, that's Hypertext Transfer Protocol Secure.

The "secure" is the important part because data can't be altered during transfer (your links won't be hacked) and users are sure they are communicating with your website (no man-in-the-middle attacks where a hacker redirects your entire site.

In Blogger, go to Settings then Basic. Click on "Yes" under HTTPS to HTTPS Redirect.

Hooray. You're safer already but you're not done. You'll probably see a "mixed message" note. This is a tedious but important repair. Get some coffee and expect to spend some time. How much time? That depends on how many links need fixing. Google has a page explaining how to repair mixed content for Blogger on Chrome. (This is what I use; I'm not a programmer.)

The first part reads:

Here's where you find JavaScript Console:

Here's what a mixed content message looks like. It's color coded. No, I don't know what all the other stuff means.

You must find that code in on your site and fix it. {Google has more information on discerning whether it's coming from a single page or is on multiple pages. Read the link above for that information.} If it's someone else's gadget, send them an email asking them to repair it. I could repair some; others need someone else to fix. I've given them a deadline.

Once you finish your old posts and pages, it's easier to avoid these errors in future. Here's how.

Yes, that code looks like the foreign language it is. But we can learn to understand the parts we need to repair. It's like learning to use SpellCheck. Good luck and "let's be careful out there."

EDIT: I prefer to create and edit my posts in Chrome. It and Blogger are both Google products so I expect fewer interface issues. You can check JavaScript in Safari. It's in the Develop menu.

If you can't find Develop, turn it on by going to Preferences...

and then clicking the Advanced tab.

JavaScript appears at the bottom of the screen. The correction process should be the same as with Chrome but I'm not certain of the details.

Enjoy the day, Ann


  1. Thank you for taking the time to share this. It is important to be aware of. Is there a way to tell if a blog I am reading is secure?

    1. What Abelian wrote below is correct. Also, if you hover over the navigation bar without clicking the website should start with https rather than http.

  2. Your browser should tell you if you're at a secure site. Look in the address bar at the top of the window. The browsers I use on my Mac (Firefox, Chrome, Safari) all show a little locked padlock symbol to the left of the URL. If the padlock is unlocked, the site is not secure.

  3. Thanks. I didn't realize I needed to enable the https redirect in blogger. It was only working with https if the user specified https, now it automatically upgrades everyone to https. I just made the change on my blog, and I hope others see this and do the same.

    1. I’m glad you upgraded. We all need to be more alert. Fortunately Google Blogger has,adethis easier.

  4. Unfortunately, last I checked Blogger doesn't support https with a custom domain name like mine. But hopefully they're working on it! If anyone ever sees something dubious on my blog, I certainly hope they will tell me!

    In any case, the quilt is looking wonderful!

    1. You're right, Monica. Blogger had caveats about using custom domains. There are several things that won't be updated as easily.

  5. Excellent advice and I thank you so much for sharing!

  6. I like how the circles are looking. The security stuff is something I've kind of known I should think about but have adopted a head in the sand approach too. Thanks for the prompt, and the thorough notes!

    1. Don't you wish we could trust everyone? I hope you can get your blog updated. It doesn't matter until it does.


I enjoy reading your comments and usually reply here where everyone can read and join in. We have some great conversations.