Does HTTPS stop your website being hacked ?

In a purely generic way, using https or adding an SSL certificate does not stop your website being hacked

We have helped a few of our non-hosting clients with their websites recently after they had been reported as being hacked by Google.  In two cases in the past fortnight for clients who were hosted by different providers,  they have been told by their hosting provider that to stop them being hacked and to remove the message from the Google search results,  they should purchase and install a SSL certificate and then their site won’t be compromised (hacked) again.

Let me reiterate, for these sites, who are using the ever popular WordPress CMS,  having an SSL Certificate will not stop a BOT from using a hole in one of your plugins, or an exploit in the base CMS Code to inject additional unwanted code into your site. In the same way that it won’t stop an unauthorized person from logging into the admin area if they can guess your username and password combination.

What an SSL Certificate will do is make a secure route for any information between a remote browser and your website, this will stop anyone from monitoring the stream of data as it passes over the internet and extracting from it things like usernames and passwords, credit card details and similar. This is why online shops are strongly advised to install an SSL Certificate so that the user can confirm that they are the business that they wish to purchase from, and also that any information sent cannot be read on the way to or from the website, especially the payment portal.

This is short and sharp as a blog post as I am frustrated in that someone offering a hosting service could misrepresent the value of an SSL Certificate, there are excellent reasons for having one, in 2014, Google notified webmaster via the Webmaster Central Blog that sites with SSL would gain better ranking than those without, this single statement probably increased sales of SSL certificates to non-commerce websites by a factor of 100 overnight as people clamour to get the highest ranking they can, if you are taking information from clients ( of providing it if you are a client) then to encrypt the connection being used is a better security policy than not.

If you want to protect your website and you are using one of the common CMS Systems ( WordPress, Joomla!, Drupal etc ) then the best way to protect yourself is to always use the latest versions of the core CMS system, always check and update any plugins that you use, be careful of using old plugins that are not updated and scan your site for problems on a regular basis, there are systems that will do this for you, or just get to know your website and do it yourself ..

In conclusion – get an SSL Certificate, it’s good for your website and its ranking on search engines, but please don’t be misled into thinking that it will protect you from the malicious code that looks for holes in websites, or guesses your username and password, it most certainly won’t!

As usual. feel free to get back to us with any questions or queries, we are always happy to help – 01948 820787


No Comments

Post A Comment