WordPress SSL for Free with Let’s Encrypt

SSL Certificates encrypt the connection between your site and your visitor’s browser, preventing hackers from intercepting and stealing personal information. Installing an SSL certificate on your domain name is a great move and now with Let’s Encrypt and Asporea you can get SSL for free.

Historically SSL certificates were difficult to install, and they could cost you upwards of USD 90 a year. It was a cash-cow business for the security industry, and many people were taken for a ride by over inflated prices.
Let’s Encrypt offers a free way of getting many of the same security benefits for your site – without the cost. It’s taken the traditional paid model and turned it on its head with open source. Let’s Encrypt offer certificates for free, and it’s backed by companies like Facebook, Mozilla, Google Chrome, Cisco and Securi. The Let’s Encrypt platform makes installing SSL certificates automatic, simple and free for all.

What is SSL?

SSL (Secure Socket Layer) certificates were invented in 1996 to secure web connections between the website and the visitor. In 1999, improvements ensued, and it transformed to Transfer Layer Security (or TLS). This is still used, although people know it better by the old name.  Browsers with a green https prefix are secured with an SSL certificate.

Websites that accept personal information – like online shopping sites use certificates to prevent hackers from stealing this information.

WordPress sites can benefit from a certificate because of the login page – it is possible for hackers to steal login information from non-secure sites.

About Let’s Encrypt

Let’s Encrypt is run by the Internet Security Research Group (ISRG) and is a registered Certificate Authority. This means it is authorised to issue SSL certificates.

The project wants to secure the entire web. Let’s Encrypt works by allowing you to install a certificate, adding a couple of commands via Shell Access and installing Let’s Encrypt Automatic Certificate Management Environment client.  Certificates are installed almost immediately.

Now included with Asporea cPanel hosting

Now, clients with Asporea can quickly add Let’s Encrypt certificates directly from their control panel. This functionality allows you to secure any domain in your hosting environment almost immediately.  Certificates will renew automatically, and sites will be secure in minutes.

To find out more about our cPanel hosting plans, visit https://asporea.hosting.  For 25% off your hosting, subscribe to our blog. All subscribers receive this discount for the life of their purchase.

Blogvault malware exploit affects email services

BlogVault, a real-time backup and migration service announced over the weekend that it suffered a security breach that exposed data.  The service which is used by more than 85,000 websites globally, uses a WordPress plugin to connect websites to the service.

The founder of Blogvault, Akshat Choudhary, detailed that some customer website were accessed and injected with malware.

According to customer reports, some of the malware injected malicious code that started spamming mail servers. Customers without adequate security screening first noticed the issue when receiving mail servers started rejecting email.

BlogVault has contacted customers with affected sites, removing malware and security data. Blogvault is quick to reassure customers that all backups generated are safe. File transfer, login credentials and payment data are safe. He reiterated that credit card data is processed by Stripe and therefore not stored on Blogvault servers.

After the breach, Blogvault updated the plugin to version 1.45 and reset passwords for all customer accounts. They then analysed systems to determine any other sources of concern. Customer passwords on the service are encrypted, making them difficult to retrieve.

As Blogvault continues to share information with clients, Choudhary says We understand that it can be frustrating for you; as it is for us, to not have all the information,”

“We aim to be comprehensive in our response to the issue. Once we have safeguarded our customers’ data, and our investigation is complete, we will be able to share more details.”

Customers are encouraged to update the BlogVault plugin to 1.45 as soon as possible and to keep an eye on the service’s security updates page for new information.  Asporea webhosting customers have had the plugin automatically updated.

Customers who are not with Asporea who would like assistance remediating their website or email service can contact Asporea for help.