Hypertext Transfer Protocol Secure (HTTPS)

HTTPS creates a secure channel over an insecure network. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks, provided that adequate cipher suites are used and that the server certificate is verified and trusted.

HTTPS is especially important over insecure networks (such as public Wi-Fi access points), as anyone on the same local network can sniff packets and discover sensitive information not protected by HTTPS. Additionally, many free-to-use and paid WLANs engage in packet injection in order to serve their own ads on webpages. The same capability can be exploited maliciously in many ways, such as injecting malware into webpages and stealing users' private information.

Joomla has three options: “None”, “Administrator Only”, and “Entire Site”. Depending on the setting chosen, this parameter forces web browser connections to the administrative “backend”, or to the complete Joomla site, to use the secure HTTP protocol (HTTPS). The “Entire Site” setting is appropriate where the security of any web transaction (e.g. e-commerce) is important. Ideally there should also be an appropriate certificate in place to verify the identity of your web site. The “Administrator Only” setting is ideal for enhancing the security of other types of web site, as it encrypts “backend” content and passwords that could be put to malicious use if intercepted.

Note: before moving away from the default setting of “None”, it is essential that you check that the server delivering your web site is capable of operating in HTTPS mode.
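One way to run the check described in the note before changing the setting, as an added example that is not part of the original page or of Joomla: it attempts a fully verified TLS handshake and reports whether the certificate is trusted, which protocol was negotiated, and how long the certificate remains valid. The host `example.com`, the function names, the TLS 1.2 minimum and the 14-day expiry margin are assumptions chosen for the example.

```python
import socket
import ssl
import time


def check_https(host, port=443, timeout=5.0):
    """Try a fully verified TLS handshake and summarise what the server offered."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
                expires = ssl.cert_time_to_seconds(not_after)
                return {
                    "ok": True,
                    "protocol": tls.version(),
                    "cipher": tls.cipher()[0],
                    "days_left": int((expires - time.time()) // 86400),
                    "error": None,
                }
    except ssl.SSLCertVerificationError as exc:
        # The server speaks TLS, but browsers would show a certificate warning.
        return {"ok": False, "error": "certificate not trusted: " + exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        # Handshake failure, refused connection, timeout or DNS error.
        return {"ok": False, "error": "no usable HTTPS service: " + str(exc)}


def ready_for_force_https(result, min_days=14):
    """Decide whether it is safe to leave 'None'; min_days is an assumed margin."""
    if not result["ok"]:
        return False, result["error"]
    if result["protocol"] not in ("TLSv1.2", "TLSv1.3"):
        return False, "outdated protocol: " + result["protocol"]
    if result["days_left"] < min_days:
        return False, "certificate expires in %d days" % result["days_left"]
    return True, "%s with %s" % (result["protocol"], result["cipher"])


if __name__ == "__main__":
    # example.com is a placeholder; substitute the host serving your site.
    print(ready_for_force_https(check_https("example.com")))
```

A negative result means the setting should stay at “None” until the server's HTTPS configuration or certificate is fixed, since forcing HTTPS on a server that cannot serve it can lock you out of the backend.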

WordPress does not support/force the use of SSL without a plugin.

Date modified: 08 November 2018