If visiting this blog in recent days with an up to date Chrome browser, you would have been warned that it is not secure. Thats because there was no security certificate installed and so the encrypted version of the HTTP protocol, HTTPS, was not available.
That’s sorted now with a Let’s-Encrypt certificate installation and a forced HTTPS redirect, making communication with the blog website more secure. I had missed upgrading this blog when I upgraded other services I use.
You might think, “So what it’s only a blog, I’m not putting in any of my passwords, personal details or credit card numbers”.
It does matter though. Websites that have been corrupted by internet bad guys is one way that computer viruses are spread. If communication with the website is not secured by HTTPS, there is a good chance that the admin and in this case blog posting to that website is also in clear text. That leaves open the opportunity for a bad actor to capture the credentials, get into the site admin and plant malware. This is now much less likely for this blog.
All web sites should now be secured with a certificate, if they are not they are vulnerable and potentially make you vulnerable if visiting them. With the free certificates from Let’s Encrypt project and the scripts they provide to keep them automatically updated, there’s really no excuse not to run a site with HTTPS.