We have purchased an SSL certificate to secure the site to help better protect user privacy through the encryption of traffic on the site.
SSL (Secure Sockets Layer) is a protocol which is used to create a secure Internet Communication channel and is most commonly used on e-commerce sites to process credit card payments, as well as on other sites to process personally identifiable information.
The basic workings of SSL are:
- When first visiting the site, your browser will ask the server to identify itself. The server will send the SSL certificate which includes a key and identification details to your browser
- The key contains a public and private key, with the public key shared with your browser to set up an unique key and encryption method.
- Once your browser has determined that the SSL certificate is active and trustworthy, your browser will then send a confirmation to the server, and the server will then send back a digitally signed acknowledgment, and the SSL encrypted session begins.
Some of the benefits of SSL include the encryption of data passed between the server and your browser, so whenever you are imputing passwords, personal information, or even just leaving a comment, all this data is encrypted and cannot be snooped on by a third party, which is very useful for thwarting hackers and identity thieves.
SSL also helps protect against phishing attacks, whereby a malicious user may try to impersonate a website through a phishing email. The phishing email will usually contain a link to their own website or use a man-in-the-middle attack using your own domain. It is very difficult for this type of phishing to be successful as the malicious user will find it hard to receive a proper a proper SSL certificate and will be unable to perfectly impersonate the site.
We will be redirecting all our traffic to use the https version of our site so that encryption is provided by default for our users. You will know if you are using https through visual clues on your browser, such as a padlock icon located on your browser, and/or a green or blue bar in the address bar. The biggest clue will be the address should be displaying as https://lochgelly.org.uk.
Due to moving over to an SSL secured site we are having some compatibility issues with certain plugins for the site such as the comment rating system which is currently not working due to the original developer hard-coding http into the plugin. We are creating a workaround as well as fixing any other bugs that we have noticed.
If you are having any issues with the https version of the site, please report them below so we can start to work on fixes and it also helps us to identify bugs that we may have overlooked.
We hope the added security is a useful feature for our users, and if you are a Web of Trust user, please give our WOT scorecard a rating, thanks.