Anyone want to offer a little tech help?

I am having problems with the Forbes site. Forbes.com. Wondering whether anyone can help me walk through this.

I think, I think, that there’s something wrong with their certificates…although my knowledge of what those are is pretty sketchy. But bear with me.

My assumption is that you register the site somewhere, someone issues a certificate saying “these are OK people”. Your browser, when loading a site, asks to see the certificate and then concludes, well, probably this is safe content. No, don’t explain it more technically than that, that’s roughly it?

And if it’s a safe site, with a reasonable certificate, then it loads nicely. And if the certificate is out of date or whatever, then it doesn’t?

So, when I’m inside the site if I’m in chrome the wordpress backend doesn’t load properly. I get something that looks like this:

“Skip to main content Skip to toolbar

Dashboard
Dashboard
Home
My Sites

Posts
Posts
All Posts
Add New

Media
Media
Library
Add New

Links
Links
All Links”

Instead of that normal wordpress appearance. It looks like everything is there, just that the code isn’t being translated by the browser into the normal look.

When I go in in Explorer, much the same happens. But it also asks me do I want to show unsafe content (not the right phrase, but). When I say yes then it resolves into the normal looking wordpress backend. Thus my assumption that it’s something to do with whether the site is considered safe or not, and thus about certificates. Also, on one mobile, it tells me that there’s a problem with the certificate.

That’s as far as my analysis skills can take me. But does this all sound logical?

And then there’s one more part. Traffic is slow at present. That would seem to me to be consistent with many people being told by their browser that there are certificate problems and thus not clicking through.

So, anyone know enough about these things to be able to tell me whether that all makes some sort of sense?

17 comments on “Anyone want to offer a little tech help?

  1. It is unlikely to be the certificate – that would stop the page loading at all.
    I think it will be that some css stylesheet is being delivered from a different site, perhaps dynamically as a java script file. Your browser knows that this ought not happen and blocks it. Leaving you with the un-styled layout.
    …bit hard to troubleshoot from my phone, Sorry.

  2. Last time we looked at it, I seem to recall that the CDN site certificate didn’t include the correct hostname for the URL it was being presented for.

  3. I’m not a webbie, but maybe:

    Sounds like mixed content warnings, in that some content is being delivered over HTTPS (secured with SSL cert) and some over HTTP (not encrypted, “unsafe”).

    Browsers can throw a spat when HTTP content tries to load into a HTTPS page.

    I think it’s a fix needed at the web team’s end.

  4. I have had problems with the Forbes site in the past. The moment I landed on the URL it attempted to run all sorts of crap. My company’s IT department rates it as “practically malware”.

  5. FWIW. I don’t think this is why Forbes traffic is down. More likely it’s because they’ve mangled the site again, and it’s now impossible to see which articles are getting the most comments/replies.

  6. Try doing an F12 in chrome, reloading the page and then seeing if there’s any errors.

    You’ll see 2 numbers up at the top right. And if you find the Console window and select “Show all messages” you should see loading errors. Some of these will be fine, some not.

    Before you do that, try a ctrl+F9, or try loading it in Incognito mode.

    (and just for clarity, the cert isn’t “these people are OK”, it’s “these are who these people are”).

  7. I’ve had certificate problems before and it was to do with the time being significantly off (not sure how that works, but there you go).

    You could try resynchronizing your clock with the Internet time servers.

    Go to “Control Panel->Clock, Language, and Region”

    Select on “Internet Time” (should be 3rd tab)

    Select “Change Settings” (Requires Administrator privs)

    Select “Update Now”.

  8. Sounds as if CSS isn’t being loaded, so you’re just seeing base content from HTML.

    Get this sometimes, from a variety of sites, when the network is slow, somewhere. Normally, giving it a couple of minutes then hitting F5 to reload cures it, but if it’s happening consistently, and only on the Forbes site, then it’s their problem.

    Front-end seems OK, (for Forbes levels of OK), but in the absence of actual error messages, difficult to tell.

    So, check for actual errors in the console window as per BiW, particularly CSS ones. Malformed CSS will stop the browser interpreting the rest of the file, but in that case, every contributor using the back-end will have the same problem.

    SSL problems can cause all sorts of weird shit.

  9. Mixed Content: The page at ‘https://blogs.forbes.com/timworstall/wp-admin/edit-comments.php’ was loaded over HTTPS, but requested an insecure stylesheet ‘http://blogs.forbes.com/timworstall/…. This request has been blocked; the content must be served over HTTPS.

    Many error messages like that from Tim Almond’s F12 suggestion.

    So, definitely their problem, not mine.

  10. It’s a shame, I really enjoy the stuff you write at Forbes. But their site is so bad I usually don’t bother anymore.

  11. You’d think a site bearing Steve Forbes’s name could acquire a couple of web monkeys that could at least give a hand-waving description of same-origin policy. Mixed content has been an issue since, ooh, about 1995 when Netscape got HTTP support. These days you probably shouldn’t even be serving HTTP content except a landing page that does a redirect to the secure site.

  12. @MattyJ, April 2, 2017 at 12:42 pm

    +1 But….

    … I have most javascript, all trackers and all ads blocked on Forbes

    A more pleasant and faster experience.

    @Rob, April 2, 2017 at 10:26 am

    I have had problems with the Forbes site in the past. The moment I landed on the URL it attempted to run all sorts of crap. My company’s IT department rates it as “practically malware”.

    Yep, agree.

Leave a Reply

Name and email are required. Your email address will not be published.