Google to Condemn insecure websites

If u used something like Dreamweaver or other web development software, could u do a find and replace for all ur php and html pages…

I’d assume this could work but not sure…maybe someone could comment!

To directly search in the files on the server you need more access than is usually given to shared hosting users :frowning: I used to have my site backed up to a local PC/Drive so I had any number of ways to manipulate the files locally.

Initially, I went down that route - using a Search&Replace - but found that it broke more than it fixed.

The only http:// references you need to worry about are the ones that embed data (such as external graphics, iframes, external flash content etc). These put 3rd-party data onto your site. If they are not served securely to you, your site is compromised. External links to other sites (simply as a hyperlink) do not compromise your own site.

When changing my own site over, I used the following

  • For graphics and other static content, can you download it and serve from your own site?
  • Does that supplier serve its content under https:// (change the necessary links and check it)?
  • If no, is there another supplier who does?
  • All else failing, can you live without the content? (remove it)

You may wish to take the moral high ground and only suggest viewers go to other secure sites. This will involve checking all your external hyperlinks can be switched to https:// and remove those that can’t. This is not essential as they do not directly compromise your own site. I personally feel it is worthwhile going through all my hyperlinks every-so-often to remove dead or updated links - this is just an extension of that routine housekeeping. There are a considerable number of sites out there which are not https:// compatible, and doing a block Search&Replace will actually break those links. I leave http:// links in; the person potentially viewing the other site can make the decision whether to go non-secure or not.

If you insist on serving w3c compliant hypertext (and I do), you should note that changing the http:// in the !Doctype declaration will break that compliance; leaving it as http:// appears not to affect the https:// compliance (if anyone knows otherwise, please advise me).

It’s not a difficult job to convert, just time-consuming. A methodical approach is advised :wink:
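An added example, not part of the original posts: a Python sketch of the distinction drawn above. It flags `http://` references that embed third-party data, lists plain hyperlinks separately, and leaves the DOCTYPE and `xmlns` identifiers alone. The sample page and its `example.*` hostnames are constructed.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that pull third-party data into the page itself.
EMBED_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("embed", "src"),
    ("object", "data"), ("audio", "src"), ("video", "src"), ("source", "src"),
    ("link", "href"),  # only when rel is stylesheet/icon, checked below
}
LOADING_RELS = {"stylesheet", "icon"}

class MixedContentAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.embedded = []    # (line, tag, url): insecure embeds to fix
        self.hyperlinks = []  # (line, url): optional link housekeeping

    def handle_starttag(self, tag, attrs):
        # DOCTYPE never reaches this method, so its http:// DTD URL is ignored.
        attrs = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        rels = set(attrs.get("rel", "").lower().split())
        for name, value in attrs.items():
            if not value.lower().startswith("http://"):
                continue
            if tag == "a" and name == "href":
                self.hyperlinks.append((line, value))
            elif (tag, name) in EMBED_ATTRS:
                if tag == "link" and not (rels & LOADING_RELS):
                    continue
                self.embedded.append((line, tag, value))

def audit(html):
    parser = MixedContentAudit()
    parser.feed(html)
    parser.close()
    return parser.embedded, parser.hyperlinks

# Constructed sample page for illustration.
SAMPLE = """<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><link rel="stylesheet" href="http://cdn.example.net/site.css" /></head>
<body>
<img src="http://radar.example.org/latest.png" alt="radar" />
<iframe src="https://forecast.example.com/widget"></iframe>
<a href="http://old-weather-site.example/">A friend's station</a>
</body></html>
"""

if __name__ == "__main__":
    embedded, links = audit(SAMPLE)
    for line, tag, url in embedded:
        print(f"line {line}: <{tag}> embeds insecure content: {url}")
    print(f"{len(links)} plain http:// hyperlink(s) left for manual review")
```

PHP pages can be checked the same way by auditing the HTML they render rather than the source files.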

This tool works great for testing https pages/sites. It also shows you any errors by line number…
https://www.whynopadlock.com

But still it is quite a task to see if each link will work using https

If you use yowindow, it won’t work with https.

Cheers. Had actually found that one out, so will be ditching them as a forecast supplier.
Still awaiting responses to emails sent to UK Met Office about their Datapoint service, and to Meteoradar about their widgets.

Positive responses from them and I’m good to go with my weather site, negative responses and I’m still searching for a decent forecast and rainfall radar for Scotland. (suggestions welcome, if forum rules permit)

I’m trying to make sense of all the Google stuff, and then following the discussions here, wonder if:

My only purpose for a web site is to a) let me see data from my stations
b) If anyone wants to look (and use Meteotemplate’s or WD’s sunrise/sunset and astronomical info) can do so.

Those folks under b) will have been given my web server’s location by myself or someone else, not through a Google search, at least not that I know of.

In that situation, how is Google going to warn anyone (well, if they are using google browser I guess they’ll build it in) but if someone with IE or FireFox or such comes to my site after the magic day, how would this affect them?

I think it is laudable to push for web security, but when Google is harvesting enormous amounts of data about the internet users and selling it to advertisers, I find it hypocritical for them to point out ‘security’ flaws in my site just because I don’t have the ‘s’ in my address or have bought a security certificate.

I certainly enjoy the heck out of other people’s weather pages and get a lot of info (for no one’s use but me) and to have to think that some folks putting their sites up have to pay more or disappear, or to spend a lot of time fine tuning code that they didn’t understand in the first place (me) or that gets changed with a new version, is really imposing on Google’s part.

If they want to do something, they’d block unauthorized cookies, pop ups, data trackers and whatever it is that Ublock and similar programs filter out. Maybe that will happen, too, but I doubt it. For Google to just block sites that while secure in content may not have the magic letters is like putting a raincoat on during a hurricane, it really does zero good overall while appearing to be advancing security.

My two cents, and also hope that someone can say if there will be a problem with my site if I do nothing to it other than not appear in a google search or if a google browser tries to access it?

Thanks, Dale (still trying to understand this all)

If the warning is as shown in this link to the Register https://www.theregister.co.uk/2018/02/08/google_chrome_http_shame/ then it’s not that bad, it certainly isn’t going to make me upgrade my own server (2003 using IIS6) to handle HTTPS sensibly, users will have to accept that a site that doesn’t ask for any information from them really doesn’t warrant the cost of a new OS and licences plus what is going to become a monthly renewal process (in many cases) to keep the certificate valid.

Can’t you use a free cert from Let’s Encrypt?

Yes you can but not very easily it seems, according to the write-ups, LetsEncrypt software doesn’t support releases prior to 2012 R2 so you have to follow a bit of a rigmarole to do so https://peacefulan.com/index.php/2016/08/25/iis6-letsecrypt-ssl-certificates/ which means it’s also a real pain to do when I’m away and would need to transfer between different machines and OSes.

I agree, Dale. As little as my weather websites are viewed, I think it would be a waste of good time. I really built them for my benefit, in any case.

I agree too. If it’s just a personal site for convenience, and you’re not going for high visitor count, it’s probably not a big deal. Your web site log files will show any visitors who were referred from Google search.

I’m still torn on this. It would cost me a lot of time to either switch to another provider for a cheaper HTTPS solution, or I have to almost double my yearly hosting costs at my current provider. I have a free SSL cert, but it doesn’t work since it requires a static IP. My provider says that’s a “business” need and charges you double basically to have a static host, but it does come with SSL cert they provide.

Now I will say my provider has been very quick to fix their php errors of a bad install, but the SSL prices just for my weather site are silly… And I agree, this is a weather site, why should I go thru all the extra work for SSL and cost?? I enjoy this and like to look at it quickly online or wherever. This is not a business…

Is this not us being told how to run our websites by Google?
I for one do not have anything on my site I call sensitive and it’s only my data so I see no reason to go the secure route.
It’s one thing Google warning of an insecure site but if they block the site it is not in the spirit of what the world wide web is all about.

I am not losing any sleep over it 8O

Good, then neither shall I. I need my sleep.

Update - response from UK Met Office about their Datapoint service -

The DataPoint API is not served using HTTPS.

We understand that HTTPS should be used and HTTPS will be used in the next generation of API from the Met Office.
As a work-around, we recommend that the end-user

As they say you should be using their service from the server side, where it doesn’t matter so much if it is https or not.

With my provider SSL would be 288 per year. I don’t need that. I do have Google Analytics and thinking about it, too expensive. However Hostmonster does have 24/7 support and they will work with you. :slight_smile:

That’s just ridiculous when many hosts are providing it for free 8O