2017: A More Secure Year

Over the years I have seen a ton of technology come and go.  Remember RealAudio?  Shockwave?  The web is a morphing blob of hacks.  I know that sounds crazy, but the HTTP protocol wasn’t even developed originally to allow someone to upload files, but what we have done to make it work is fascinating.  Take WordPress for example, we have a way to login using a username and password, and once logged in “securely” a user can upload a batch of files from their computer.

Things are about to change, though.  Anytime someone logs into WordPress without using an SSL certificate, they are transferring their username and password unsecured.  That is about to change, and that is about time.  Every WordPress instance has a login and now, Chrome will start to let people know that they shouldn’t use that site if they aren’t using SSL.  This will happen in 2017.

We aren’t 100% sure what this looks like but here is the article explaining it: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html.  My guess is we’re going to get a nagging message telling us to contact the owner of the site and tell them to put an SSL certificate on the site.

The good news is that SSL certificates are becoming cheap, if not free.  I’ve begun to use Let’s Encrypt for a lot of our sites.  Let’s Encrypt allows us to easily and freely install an SSL certificate on a site.  I recommend that every single web developer out there to start installing SSL certificates on sites, especially if it is WordPress.  WordPress is targeted regularly for vulnerabilities and I know going SSL is only going to help with security.

Here’s to 2017, probably the most secure year on the web thanks to Google.  If Google begins to force people to use SSL, everyone will follow.