No padlock showing in your “secure” website page?

How to track down non-secure design assets which are compromising your dental website

Encryption for your websiteSo your web designer updated your website to https encryption, possibly at a very handsome fee, but you’re still seeing an insecure message and no green padlock in the browser address bar? This is very infuriating and can happen with one or more of your website or blog pages.

Not only is this infuriating but also potentially business-losing in that it’s very off-putting to users who are now used to fully secure websites and check to make sure before they interact with you.

So what’s gone wrong? Why are you still seeing signs of an insecure page even though you’ve had the SSL certificate installed and all of you website pages switched to https?

Understanding web page security – https

Web pages can be served to user’s browers by using something called an SSL certificate which is installed on the website server. In basic terms, this encrypts the contents of the web page before it is decrypted to show normally in the user’s web browser. This also goes for any data which is transmitted via a website contact form. Over 65% of all websites are now running with encryption protocols and this is increasing all of the time. With user privacy and initiatives like GDPR now firmly with us, encryption is becoming standard practice and frankly, users now expect it.

Back in 2018 ahead of GDPR, we converted hundreds of dentist’s websites to use https rather than the old http standard. As we’ve covered elsewhere in our blog, it’s not just user confidence we are trying to gain by doing this; Google now also gives search ranking benefits for sites which are using encryption correctly.

Now we’ve refreshed our memory about https and the key reasons why your website must have it, let’s take a closer look at where this can go wrong and how you can track it down and fix it.

The green padlock

Perhaps the most well-known indicator that a website is correctly encrypted, is the green padlock which shows in the browser address bar – this is what most user’s look for. If you look deeper, you can also see the details of the certificate which has been used to complete the encryption on the server.

However, very often you will see websites which are apparently encrypted which don’t show the green padlock in the browser bar; they show something else such as a red padlock, or even no padlock at all. This means that the web page concerned is not actually completely secure and could theoretically compromise your data. So you need to establish what has gone wrong and get your developer to fix it.

What causes web page encryption to fail?

Several things can cause the encryption to fail as follows:

  • Expired or missing SSL certificates
  • Non-approved certificates
  • SHA algorithm failures
  • Insecure web calls to images, cascading style sheets, javascript and other 3rd party assets

These things can occur for several reasons, ranging from forgetting to update your SSL certificate to adding content via a CMS and linking to third party websites or assets in an insecure way. It’s easy to mess up if you don’t really know what you are doing or how to check if what you have done is correct.

Fixing the issue of no “green padlock”

Periodically it pays to check through your dental practice website to look for any anomalies and inconsistencies. One of these check should be for the green padlock. If you see anything else such as a red padlock, broken padlock or other messages to indicate insecurity, then there is an issue to be investigated and resolved. At this point, it is most likely that you will need to seek guidance from your dental web designer as the technical issues can be quite complex. However, if you have some experience and wish to try to resolve the issue yourself, then this tool is very useful:

Why No Padlock

This is a website where you can input the web address of the affected page for an automatic assessment of the technical problem(s). You have to complete the usual captcha box to allow the test to run, but this is well worth it to gain some important insights. The report which comes back is usually very accurate and will show you exactly what needs to be fixed on your website to allow the green padlock to be re-instated. You can then either refer to your web designer or have a go yourself if your DIY web skills are suitably honed.

Summary

Web encryption is now the recognised standard and users are very keen to see the green padlock and https web address prefix when they are on your website. However, this often goes wrong and users can be spooked when they see the padlock disappears. To prevent this, it pays to audit your website periodically, including checks to ensure that the green padlock is in place correctly and if it’s not, then get it fixed. As noted above, there are free tools online to help you with this.

If you have issues with your existing dental website encryption or simply want to have your site encrypted for the first time, then the team at Dental Media will be pleased to help. Please call us on 01332 672548 to discuss your requirements or to schedule a free website audit.