We recently had someone contact us looking for a cleanup of a hacked website due to the Chrome web browser displaying the message “Insecure content blocked: the page is trying to load scripts from unauthenticated sources.” when visiting their website, which they thought was caused by malware on the website. It was good that they contacted us and not one of the many unscrupulous security companies out there, as instead of taking people’s money before even knowing if our service is really needed, we actually make sure the website is hacked first (when there is a real hack, we don’t charge until the work on the cleanup is completed).
In this case the website wasn’t hacked, instead it was simply a case where some of the URLs for content on the page were using HTTP URLs even when pages of the website were requested over HTTPS, which creates a minor security issue, hence the warning.
What is important to note though is that this type of situation could be caused by malware, as it could be a situation where a hacker has added HTML code to the website’s pages that causes requests to malicious content over HTTP even when the pages are served over HTTPS. So if you start seeing the warning without having changed anything on the website, a hack could be a cause of the message.
The important take away from this is that you want to make sure to confirm that your website is hacked before hiring someone to clean it. If a company is interested in taking your money before even confirming it is hacked, they probably don’t have your best interest at heart, which based on our experience of being brought in to deal with the results of others improperly handling hacked websites for years, could lead you to have even more problems than the initial hack.