My Bleeding Heart – Secure Blogging & WordPress

Summary – By now everyone’s heard about Heartbleed (or should have). As blog writers (& readers), do you understand how that may affect you? Read on…. For photography, follow the link below the image.

 

This is the logo for the Heartbleed bug
Roll your mouse over the image for
Bleeding Hearts (flowers from my garden, that is)


Read here for how I made the out-of-frame flowers


Just a short note about

URLs (the content of your browser’s address bar)

And – what they have to do with site security

WordPress related sites or otherwise


HTTP vs. HTTPS

Everything I have to say is about the above acronyms

Which, in one form or the other, we’ve all seen countless times

Do you know the difference?

HTTP = Hypertext Transfer Protocol

HTTPS = Hypertext Transfer Protocol Secure

The Heartbleed security issue mainly involves the secure version

An error left secure sites not so secure

++++++++++

What does this have to do with me? (or you?)

Did you know that any site can be accessed via

Two separate addresses, for example

http://edkvisions.wordpress.com/

https://edkvisions.wordpress.com/

Identical except for that S for Secure

Click on both of them

(they’re safe; an old WP blog of mine)

I’ll wait here for you until you return

++++++++++

Did you see any difference?

I hope not! You shouldn’t have

Even though the addresses were different

They’re both accessed & hosted via wordpress.com

as shown at the end of the address

WordPress is certified to be secure (read here)

So – your browser takes you to the https site

With no complaint or cautions

You are at the same site with either address

The sole difference is

Your communication with the site is

Secure (in theory) if accessed via HTTPS

Heartbleed exploits a flaw

In the secure version’s security software

(no problem now with WP’s software by the way)

Not a problem with HTTP (no S)

Since that was never secure to start with

++++++++++

Do you want to see the difference? (safely)

Sure you do (live dangerously; just kidding) 😉

Let’s use my Gallery Blog as an example

http://edknepleygallery.com/

https://edknepleygallery.com/

Once again, I’ll wait until you get back….

OK – A big difference this time, but why

It comes down to something called

A security certificate

My gallery doesn’t have one

The site’s not wordpress.com (that has one as seen above)

It’s edknepleygallery.com

Even though it’s secure there’s no certificate

You only have my word for it

Not an official security authenticating body

The absence of the certificate (sent, or not, from site to browser)

Causes your browser to show you an alert

The alert’s appearance depends on the browser you use
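
The name check behind that alert, as an added example that is not part of the original post: a browser shows the padlock only when the certificate it receives lists the host in the address bar. The certificate name list is a constructed sample, and that the gallery address is answered with a certificate issued for wordpress.com names is an assumption; trust-chain and expiry checks are left out.

```python
from urllib.parse import urlsplit

# Constructed sample: names listed in the certificate the server sends.
# Assumption: both blog addresses are answered with this certificate.
SAMPLE_CERT_NAMES = ["*.wordpress.com", "wordpress.com"]


def name_matches(pattern, host):
    """RFC 6125-style match: '*' may only stand for the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # One label only, and at least two fixed labels after it ("*.com" is rejected).
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # Any other use of '*' (middle label, partial label) is refused.
    return "*" not in pattern and p_labels == h_labels


def browser_verdict(url, cert_names):
    """Return what the address bar would signal for this URL."""
    parts = urlsplit(url)
    if parts.scheme == "http":
        # Plain HTTP never asks for a certificate, so there is nothing to alert on.
        return "no encryption, no alert"
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an http:// or https:// URL with a host")
    if any(name_matches(name, parts.hostname) for name in cert_names):
        return "padlock"
    return "alert: certificate does not cover this site"


if __name__ == "__main__":
    for url in (
        "http://edkvisions.wordpress.com/",
        "https://edkvisions.wordpress.com/",
        "http://edknepleygallery.com/",
        "https://edknepleygallery.com/",
    ):
        print(url, "->", browser_verdict(url, SAMPLE_CERT_NAMES))
```
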


Chrome 1st (note what it shows in the address bar)

HTTPS sites often show a locked lock to tell you they’re secure

You’ve seen this with financial transactions most likely

Chrome emphasizes that my site is NOT secure even with HTTPS


and then Firefox (that doesn’t do the URL thingies)


++++++++++

Why did I write this?

A few days ago

I included a link in this blog

To a post in my gallery blog

Something I do often

Somehow (don’t know how)

I linked to the s-version

Which, of course, produced an alert

For any readers who clicked on that link

The same as if you clicked on

https://edknepleygallery.com/ above

Coupled with the current Heartbleed fuss

I spent a few minutes investigating

Decided to share with you

Here’s a great WP-support post on HTTPS

 

