Thanks to letsencrypt.org, we are now running lifetime free SSL certificates across all our cPanel customer domains.


This means your website will be more secure - encrypting your user name and password while logging in, encrypting your customers information - and any user logins, as well as encouraging users to trust your domain more.


Many benefits come from this, including a higher Google search rank (Google will 'penalise' sites not using SSL), a higher level of reputation and trust, and technically speaking a high level of security.


SSL is important. Without SSL installed on your website, it is trivial for an attacker to run a 'man in the middle' (MITM) attack - listening to any data you, or your users, send or receive from your website. For example, if you log into your Wordpress website (without a HTTPS connection) in a public wifi network, it would be very easy for an attacker to listen to your connection and read your username / password.


This is even possible within your home network - although (generally) slightly harder. All an attacker would have to do is wait for your device to authenticate with a wireless access point - this authentication is called a ‘handshake’. With this handshake, the attacker can read all packets passing between your computer and your wireless router. If you are sending information or logging into a website without SSL, they generally can read this information - including usernames and passwords.



Read more about an experiment around this attack here - successfully able to read a username and password from a Wordpress website without SSL.


 




Sunday, August 28, 2016

« Back