Free Website Security Certificates (a/k/a Free SSL Certificates)

If you have a website, you almost certainly need to secure it. Even for a simple WordPress blog like this one, security is a real problem; sites get hacked all the time, and even a site like this one can draw hundreds or thousands of hack attempts per day. Sometimes, it’s because hackers discover a new vulnerability. Usually, it’s an old one that just hasn’t been patched yet. But there’s more: hackers can steal your login info and take over your site just by monitoring your traffic over a wireless network, like in a typical coffee shop or airport.

The solution for this is to get a security certificate (commonly, but no longer correctly, known as an SSL certificate). Typically, these cost $100/year or more, depending on what you need. But there’s good news.

The free option for today is StartSSL.com, which will give you a very basic certificate for free. It still requires some technical know-how, but not much; whoever handles your website maintenance now should be able to handle it pretty easily.

It’s about to get a lot easier. In mid-2015, Let’s Encrypt is launching. Let’s Encrypt is a project of the Internet Security Research Group, which consists of some real heavy-hitters in the tech world: Mozilla, Akamai, Cisco, the EFF, and IdenTrust. It will allow you do secure a website with, basically, one click. For free.

So, cost is no longer a barrier to securing your website. Go do it!

A good reminder: Hackers are out there

A site I occasionally help out with was on the receiving end of a brute-force attack today. Nothing subtle about it: a single IP address in Europe sent nearly 50,000 attempts to log in using a single user account. Hackers are out there, people, and they are persistent.

For securing WordPress sites, I highly recommend the Wordfence plugin. I have no affiliation with the product, but I will say that even the free version is truly an excellent piece of software.

How Bad Things Have Gotten

Just how bad has comment spam gotten? Check it out, below. Red is spams, green is good comments, and black is a 30-day moving average. As you can see, I am averaging about 163 comments per day (essentially all spam). You can click on the images to enlarge them.

[EDIT: The images in question were dynamically generated. Due to changes in this site’s architecture, they are no longer available as of August 17, 2008.]

%d bloggers like this: