“Not Secure - Mrlandlord.com “. This comes up in my browser for this website. “Not secure” has not come up on any other website I have used. Does it matter that this site is not secure? Are all other sites out there secure, then?

That happened to me too on here a couple of times. I wasn't sure what it meant.

Does it need to be secure? Everything you post is open for the world to see!

Not secure simply means that it doesn't encrypt the data between your browser and the mrlandlord server. Not needed in this case since you don't log in and everyone can see everything. There is nothing for a hacker to gain by grabbing the data in transit between you and the server, they could more simply just post using any screen name.

This is important though for things like banking or sites where your personal information is transmitted through your browser.

It's because the site is not using secure socket layer that gives a more secure connection. My post was flagged because I put the actual letters. Hyper Text Transfer Protocol Secure (stronger) instead of plain Hyper Text Transfer Protocol. google noted last year that it would give precedence to secure websites in search results, so many sites bought ssl certificates.

An SSL certificate would be nice to just get rid of the error, and they don't cost very much. Some webhosting sites charge less than $10 a year for one.

You can literally get free certificates from Let's Encrypt. So, it likely isn't a certificate cost issue. It's more likely a "someone just needs to take the time to get this set up" issue.

That being said, I agree it isn't a big concern since we're not sending sensitive information. That being said, the site likely IS falling some on Google search results because it lacks a proper SSL certificate.

- John...

I just did some looking around and almost all of the sections of the main site link to some other site -- that IS secure -- before you put in any sensitive information. However, the exception is the "downloads" section -- where it is not secure and wants you to log in if you've already subscribed or even wants you to input a credit card if you haven't -- all without SSL enabled. That portion of the site, at least, needs to be changed/fixed ASAP. People should not be sending their login information or credit cards in plaintext. Ever.

- John...

Salernitana, the downloads section of our website is where members/subscribers are able to access numerous additional landlording resources including audio and video trainings, rental forms, ebooks and more - "Downloads.MrLandlord.com"

It's not a big deal. Sometimes you get that notice if the website is using a self-published ssl certificate created on their own server, as opposed to a godaddy.com or symantec published SSL certificate. Or, if they are using a published SSL certificate then it means that somewhere on their site, they're importing data using an http: link instead of an https: link. It may mean that the data is secure, but the site maybe imported a graphic using an unencrypted call (http, not https).

Someone asked the webmaster to chime in, so here goes... I know that several of you have an IT background and many know the following, but I first want to share just as a bit of background on https/ssl security:

Early on in the web’s history, an “https" server was very expensive relative to an “http” server, and a proper SSL Certificate was appropriately costly on top of the server software’s cost (all SSL certs are NOT created equal; see below* for more info if you are interested in the technical aspects of a proper SSL Cert). Furthermore, sending data through https servers, in the earlier days, was far more taxing on the processing server itself than the nonsecure method of http — this caused slowdowns in transferring the data from server to user for secure data. Recent advancements in processing power have nearly eliminated (or made insignificant) the extra processing ‘overhead’ that https encryption requires. AND, https is now a built-in feature of most web servers (however, the certificate is NOT built in).

Other than the downloads section of the site (which will soon be updated and corrected) every part of www.Mrlandlord.com is indeed “secure” where any sensitive data is concerned (as John noted in one of his posts to this thread). Historically, there’s been no reason to encrypt and secure data that is not ‘sensitive’ in nature. So, over the years, millions of sites have developed without the use of https servers. Since protecting publicly available information is nonsensical (why protect/encrypt something you are going to show to everybody anyway?), there has been no compelling reason to rewrite the code on older sites to utilize https for all data. That’s the reason this Q&A is not using https — it’s not necessary because there is no sensitive data being transmitted between the server and the user or site owner, AND this was developed before Google took it upon itself to force everybody to use encryption for ALL DATA REGARDLESS OF ITS NATURE (apparently without considering the undue burden it puts on site owners that have no sensitive data to protect).

Google has decided, unilaterally, and not for very good reason, IMHO (pioneering web host and webmaster in the industry since 1993), that every bit of data on the entire web should be sent via encrypted method (HTTPS). Google is enforcing this idea with two powerful mechanisms: 1) penalizing sites in search results for not having an entire site going through https servers, and 2) programming Chrome to announce to its users that a page or image on a site did not go through an HTTPS server — thereby showing you the “INSECURE” notation — despite that there’s no reason, necessarily, to encrypt/secure such data.

*For the technically inclined who want to know more about secure connections: Secure HTTP (or HTTPS: Hyper Text Transfer Protocol Secure) is sent over an SSL (Secure Sockets Layer) to accomplish encryption. This mechanism was invented for TWO reasons: 1) so sensitive data could be ‘scrambled’ and nearly impossible to read if intercepted between the server and the end-user; and 2) the SSL certificate validates that the owner of said 'secure site’ is indeed who they say they are (depending on the certificate a website is using, a user can be sure they are dealing with whom they THINK they are dealing — this is validation of the site’s claimed owner. After all, if you are sending encrypted data to the wrong person, it really doesn’t matter that it’s encrypted — you’ve already had your security breached. However, SSL certs can be created by anyone for free, and they will work with any HTTPS server, but if that certificate hasn’t been validated by a reputable third party (like Experian or Godaddy, for example), then the user can’t be sure they are sending their sensitive data to the right person/business. So, a properly secured site doesn’t simply have a valid certificate and https server, but a certificate that has been validated by a responsible and respectable third party — you can read about this when you investigate the actual certificate which is available for your perusal through your browser while you are connected to the secure site in question (click on the ‘lock' to the left of the address in the address bar to see info on the certificate and who issued it).

Well said and I agree. This site is fine without it because it has it wherever we're doing sensitive data (except for that one spot that is being corrected). All good!

Awesome, thank you, John, Jeffrey, and Webmaster Rick!