It’s been quite a while since I’ve updated this blog eh? It’s been quite the whirlwind but that doesn’t mean changes haven’t been made to the website through my “inactivity”. One thing you may realize is that all the pages and links that you visit are now HTTPS enabled.
You might ask: “hey, isn’t this super expensive? SSL signing is quite expensive!” To this, I reply to my dear readers, “not at all! In fact it’s free!!”
Enter Let’s Encrypt
As the public’s appetite for securing everything, especially after the Snowden revelation and the rise of cybercrime, everyone and their mother have been alarmed at how easy it is for nefarious actors to steal personal information on the Internet. This problem has only been exacerbated with the rise of the cloud, where everyone is uploading their data be it their homework due the next morning, taxation information or their personal photos, someone is uploading something that can be used to build a profile of them for identity fraud.
Unfortunately, most of the websites are not encrypted. Why is this? It’s because SSL certificates have been traditionally prohibitive to the average website operator. These certificates can range from $45/year all the way to $1300/year depending on what kind of website you’re operating. For most people, especially bloggers like me who don’t generate revenue from our websites at all, it doesn’t really make much sense to pay for an SSL certificate, even though security minded folks like me really prefer to encrypt everything but not feasible, we’re already paying for hosting and the domain name as is just to have an online presence.
So how do we solve this problem? Fortunately, there’s Let’s Encrypt.
Let’s Encrypt is a Linux Foundation project sponsored by major technology entities such as OVH.com, Mozilla Foundation, Cisco, Google, Automattic, Facebook and many more! The goal of this project is to provide free automated SSL certificates for websites for any size, to increase the security behind these websites even if they are not ecommerce websites.
Why Let’s Encrypt? Why even bother encrypting?
The main draw is that it’s free and that it’s automatic! What do I mean by it being automatic? Once you install the Let’s Encrypt Client, it will generate SSL certificates for you. Web hosts can even integrate Let’s Encrypt into control panel software like the world renown cPanel in order to allow shared hosting or VPS customers deploy SSL certificates with only a few button clicks. Even for those who run their own Linux servers can easily deploy SSL certificates with just 2 command lines!
So why is encrypting websites important? Even if you don’t process any credit card transactions, it can increase the amount of privacy and keep important information confidential. If you’re say running your own WordPress site, even without using a ecommerce plugin like WooCommerce, whenever you do anything on the backend, the data will be sent unencrypted through the network, this includes data such as login credentials. This can potentially be a big problem as people who may have their networks tapped, the credentials can be captured by malicious actors.
Yes, encrypting your site may not be paramount if you’re not processing credit cards, but why not add the security measures if they’re just a simple click away?
Learn more about Let’s Encrypt: https://letsencrypt.org/