Here’s hoping each of you are finding your winter enjoyable, wherever you are. In this memo, I discuss a web security improvement that the internet is moving toward and ask for your thoughts on a plan to accommodate this improvement.
This security improvement is known as SSL (Secure Sockets Layer) which encrypts the data passing between the site hosting server and a browser such as Safari, Chrome, Edge, and Firefox. [Encryption jumbles the data to make reconstruction nearly impossible without the proper credentials] You can tell if SSL is used when the browser address line has “https” in the address. In the past, having SSL was considered necessary only for websites passing sensitive information such as credit card or banking transactions. Website pages like those on our lakekit.net sites where lake organizations are simply providing non-sensitive information to its community did not need SSL. However, all websites are becoming more vulnerable to some form of cyberattack as the internet “progresses”. As a result, large companies such as Google have been encouraging SSL for all websites. And WordPress is also moving to encourage SSL as Matt Mullenweg, a founder of WordPress indicated last December. Until recently, implementing SSL was a complex and costly task, usually requiring web developer expertise. But with the push to implement SSL more widely, free SSL is becoming available, and hosting companies are starting to provide this in a more automated form.
You may be asking what this SSL stuff has to do with the websites on lakekit.net. For our lakekit.net sites, we do have some vulnerability when we log in to our sites. When using your private WiFi setup, someone capturing login information is very low. But at a public WiFi, software is available “out there” that could capture the login data, unlikely, but a real possibility.
During January and February, I have researched approaches to take regarding obtaining SSL protection for lakekit.net sites. Our current hosting provider Site5 does not provide free SSL at this time. The best approach may be to move lakekit.net to a hosting company that supports the new free Let’s Encrypt SSL implementation. SiteGround hosting is the best alternate option I have found to date. SiteGround will do much of the move to its servers for free. I expect our lakekit.net would be unavailable for a few days during the transition. Those of you without your own domain name would not need to do anything to accommodate the transition. Those of you with your own domain name would need to replace the nameservers at your domain name registrar.
Our current Site5 hosing contract expires early in December of this year. If Site5 is not providing free SSL by midsummer, we may want move to SiteGround or another hosting business that provides free SSL. I will continue investigating our options, but currently SiteGround seems to be a good option.
Your further thoughts are most welcome.