Does it seem right that http sites "appear" more secure than https (SSL) sites that have mixed content and display warning messages?
I'm a WordPress developer, and I went through a lot of effort to set up SSL for a site. However, due to a Pinterest widget that displays insecure content, which has to be used, all browsers scare users to thinking that the site is not secure. Sadly, I am better off removing SSL from the site, which removes security warnings, giving visitors a better sense of trust, than having SSL enabled with a few scripts that are not secure and the browser displaying warning messages.
I think an SSL site with mixed content is MUCH better than an unsecure site. The way a browser should handle http and https should encourage developers to want to set up SSL, not to remove it.
I would like to hear some thoughts on this.
All Replies (3)
I suppose the globe icon could be changed to a skull and crossbones if it needs to be scarier than the ! triangle...
Which Pinterest plugin are you using? I rolled my own Pin It button code so it would integrate neatly with my lightbox (example), but if you prefer a plugin, it might be a very quick fix.
Official Pinterest Widget is what I need to use. This can only be fixed by Pinterest.
Would you leave up a site with mixed content? Or would you make it all insecure?
You're right, since Pinterest doesn't offer HTTPS access to user content on its server (only for its own buttons and scripts), there's no way to fix this using their image hosting.
I like using HTTPS to protect logins. For non-sensitive content, I might not bother.