Securing your self-hosted website with Let’s Encrypt

Continue reading “Securing your self-hosted website with Let’s Encrypt”

Securing your self-hosted website with Let’s Encrypt, part 8: more cool things about Let’s Encrypt

PHEW! That was a lot of blog posts in just a couple of days, but I wanted to make sure that individual ‘topics’ had their own URL so people can link to the bit that they find more interesting and ignore everything else.

To finish, I would like to present together a number of interesting and cool facts about Let’s Encrypt which I omitted before because they were not directly related to using it.

Continue reading “Securing your self-hosted website with Let’s Encrypt, part 8: more cool things about Let’s Encrypt”

Securing your self-hosted website with Let’s Encrypt, part 6: WordPress considerations

In part 5, we looked at the great things you can do when your website is running over HTTPS, but we didn’t get into specifics of which type of website and the particular considerations you should have in mind.

There are so many types of websites that I am not going to start looking at all of them because that would probably end up being the work I do until the end of my days (exaggerating, me??). But I will look at a very popular type of website with which I have hands-on experience–WordPress!

Continue reading “Securing your self-hosted website with Let’s Encrypt, part 6: WordPress considerations”

Securing your self-hosted website with Let’s Encrypt, part 5: I have HTTPS, and now what?

In part 4, we looked at hardening default configurations and avoiding known vulnerabilities, but what other advantages are there to having our sites run HTTPS?

First, a recap of what we get by using HTTPS:

  • Privacy – no one knows what are your users accessing
  • Integrity – what is sent between you and your users is not tampered with at any point*

*unless the uses’ computers are infected with a virus or some kind of browser malware that modifies pages after the browser has decrypted them, or modifies the content before sending it back to the network via the browser–Remember I said that security is not 100% guaranteed? Sorry to scare you. You’re welcome 😎

So that’s cool, but there’s even more!
Continue reading “Securing your self-hosted website with Let’s Encrypt, part 5: I have HTTPS, and now what?”

Securing your self-hosted website with Let’s Encrypt, part 4: hardening default setups and avoiding known vulnerabilities

In part 3, we looked at how to finally use Let’s Encrypt to issue and renew certificates for our domains. But I also finished with a terrifying cliffhanger: basic HTTPS setups can be vulnerable to attacks! Gasp…!

Let me start by clarifying that I am not a security expert and if someone breaks into your system I will take no responsibility whatsoever, lalalala…

Continue reading “Securing your self-hosted website with Let’s Encrypt, part 4: hardening default setups and avoiding known vulnerabilities”