A few weeks ago, website security company Sucuri announced the availability of free SSL certificates to all customers using their firewall product. The SSL certificates are provided by Let’s Encrypt, a free open certificate authority run for the public benefit with the goal of reducing barriers to secure Internet communications.
This means that for Sucuri firewall customers, their site visitors can now use HTTPS to reach their website. HTTPS isn’t an absolute guarantee of a secure site by any means, but it does ensure that any communications between the browser and the server are safe. This is especially important for form submittals including ecommerce transactions – anything that involves submitting personal or financial data.
Security Setting Choices and HTTP/2
Instead of an all-or-nothing solution, Sucuri is offering a few different HTTPS settings associated with the free SSL certificates:
- No HTTPS, fully disabling it
- Partial SSL when the website doesn’t have backend HTTPS
- Full SSL when the website has HTTPS already
Sucuri has also enabled the recently approved HTTP/2 protocol for all client sites by default. HTTP (hypertext transfer protocol) is the protocol that controls the connection between servers and browsers. HTTP/2 offers among other benefits a performance boost for websites but is not yet supported by many hosts.
Fixing Mixed Content Warnings
There are some potential issues with using HTTPS, mainly the ‘mixed content’ warning when images or other elements on a website are using HTTP instead of HTTPS links. This is very common and easily fixable just by using the WordPress plugin Really Simple SSL.
Learn more about Sucuri’s new initiative. If you’re a WP Minder client with a Small Business Plan or higher, let us know if you’d like to set up Sucuri’s free HTTPS on your account.