Virgin Mobile

Your website is not fully secure

SOLVED
Highlighted
Whiz Kid

Your website is not fully secure

Google says the front pages of your site are fully secure.  But once logged into my account it says it's not fully secure.  This is definitely NOT what you want to see on a page where you're entering credit/debit card information!

unsecure.jpg

 

1 ACCEPTED SOLUTION

Accepted Solutions
Agent

Re: Your website is not fully secure

Thanks for bringing this to our attention. We definitely value your feedback and we’ll be sure to pass it on. 

8 REPLIES 8
Agent

Re: Your website is not fully secure

Hello, Offworld. Our website is official and secure. The ranking of Google has nothing to do with us.

 

If you have any other question or concern, feel free to reply. We're here to help!

Whiz Kid

Re: Your website is not fully secure

It's not a "ranking" from Google.  It's a security assessment and it says your site is NOT fully secure.  Firefox browser gives a similar warning.  Safari won't show the padlock once I'm logged into my account.  What it means is that there is content, such as images, on those account pages that are being delivered from a non-secure server.  Someone could stage a man-in-the-middle attack by intercepting and replacing that content with something malicious because it is not secure.  The FRONT of your site is secure.  It's the "My Account" area once logged in that is not, which disturbingly includes pages where people are entering credit/debit card information.  Your server administrator needs to fix this!

Agent

Re: Your website is not fully secure

Most likely you have "mixed content". Visitors to sites protected by SSL expect (and deserve) security and protection. When a site doesn’t fully protect or secure all content, a browser will display a “mixed-content” warning. Mixed content occurs when a web page containing a combination of both secure (HTTPS) and non-secure (HTTP) content is delivered over SSL to the browser. Non-secure mixed-content-error content can theoretically be read or modified by attackers, even though the parent page is served over HTTPS. To fix this you would need to be able to identify the non secure content within the code of the site. Most common day browsers like Google Chrome and Mozilla Firefox have an ability to look at the code in a developer stance meaning its like  debugger console built into the browser. In Google Chrome you would right click on the page that is displaying the warning and select "Inspect." On Mozilla Firefox same idea but they call it "Inspect Element." Once you have done look for any "Mixed Content" warnings. If you are using word press also make sure that you install a "Force SSL" plugin to automatically make all pages ssl secured.

 

Hopefully this helps!

Whiz Kid

Re: Your website is not fully secure

Ok, you copied and pasted that from the second search result on Google, an answer on GoDaddy forums which is telling someone how to configure their WordPress website so it doesn't serve mixed secure and insecure content.

I'm not looking for a solution, I'm just trying to make you aware that the Virgin Mobile website is not fully secure when I'm logged into my account.  This is nothing that I, nor any other customer can fix. Your server administrator has to fix it.  It's on your end, the Virgin Mobile server is not configured correctly and/or the account pages need to be recoded to stop pulling content from a non-secure source.

Agent

Re: Your website is not fully secure

Thanks for bringing this to our attention. We definitely value your feedback and we’ll be sure to pass it on. 

Whiz Kid

Re: Your website is not fully secure

Apparently not....

I see the same message when I open the "My Account" app that comes pre-installed on your phone.

I'm not sure why this would happen, since it's not very useful to have an app designed to access your site, which can't even do the one thing it was made to do.

Whiz Kid

Re: Your website is not fully secure

I have also seen this message, even when using the pre-installed "My Account" app that came with my phone. It won't even let me attempt to connect anyway, which makes the app useless. I have to use a computer, or call in to get anything done.

Agent

Re: Your website is not fully secure

Hello, @gort209. Our team is looking into it. In case you're experiencing difficulties to perform changes through the My Account app, we suggest you try clearing the data or cache of the application. Also, feel free to get in contact with us if you need assistance. We're here to help.