Tag: security

Posted on

Adding Free SSL Certificate and HTTPS to WordPress with Let’s Encrypt and Certbot – WPMU DEV

Installing an SSL certificate on your domain is an essential step you should take to secure your WordPress site and now with Let’s Encrypt you can get one for free. An SSL certificate encrypts the connection between your site and your visitors’ browser so hackers can’t intercept and steal personal information. Normally, SSL certificates can be cumbersome to install and can get expensive, but this is changing fast.

Source: Adding Free SSL Certificate and HTTPS to WordPress with Let’s Encrypt and Certbot – WPMU DEV

Let’s Encrypt + Certbot provide a straight forward way to add SSL and HTTPS to your website. This article walks you through the steps to get this running on a WordPress site. It’s worth noting that this will likely work on Apache with virtual hosts but it’ll take a bit more work.

Posted on

Flaws detected in the Owncloud encryption module

First it is important to understand what this encryption module is actually supposed to do and understand the threat scenario. The encryption provides no security against a malicious server operator, because the encryption happens on the server. The only scenario where this encryption helps is if one has a trusted server that is using an untrusted storage space.

Source: Pwncloud – bad crypto in the Owncloud encryption module – Hanno’s blog

A good read, but also worth noting that encrypting data at rest on a server is rarely bullet proof anyway. If an attacker can get access to the server they can decrypt the data. I wouldn’t even bother encrypting the data store for something like Owncloud anyway since the data is at the end of a long chain where significant security is needed. For example, is the local copy of the data encrypted? Is the web component using HTTPS? Are Owncloud accounts secure with long passwords and 2FA? Is access to the sever running Owncloud properly secure with very limited access? Encrypting data at rest in Owncloud is the least of my worries.

Posted on

Adding Free SSL Certificates to WordPress with Let’s Encrypt

Installing an SSL certificate on your domain is one of the best steps you can take to secure your WordPress site and now with Let’s Encrypt, you can get one for free. An SSL certificate encrypts the connection between your site and your visitors’ browser so hackers can’t intercept and steal personal information. Normally, SSL certificates can be cumbersome to install and can get expensive, but this is changing fast. Share on Facebook Tweet it Share on Google+ Sign up for more WordPress wisdom

Source: Adding Free SSL Certificates to WordPress with Let’s Encrypt

Posted on

Tips for locking down your data and protecting your privacy on the Internet

Your online privacy is only as strong as the weakest link in the chain consisting of you, your ISP, and the places you visit on the Internet.

Source: Tips for locking down data and protecting privacy | Opensource.com

The article recommends you run your own server in your house to have the best control over your data. With a server you can control email and run your own secure storage cloud. Not a bad idea.