Sucuri Partners with Let’s Encrypt to Offer Free SSL Certificates to All Customers

ssl

Sucuri, a website security company that specializes in securing WordPress (and other CMS) sites, announced that SSL certificates are now available at no cost to all customers who make use of the company’s firewall. As a sponsor of the Let’s Encrypt initiative, Sucuri joins Automattic as one of the first companies to fully automate free SSL Certificates for all customers. The company has also enabled the new HTTP/2 protocol by default, which offers significant performance advantages compared to raw HTTPS.

Unlike WordPress.com, which does not allow users to disable encryption, Sucuri offers a “No HTTPS” option which will force all traffic to be redirected to HTTP. Customers can also select from partial SSL, full SSL, and Custom SSL (where they can use their own certificates).

Despite their sponsorship of the Let’s Encrypt initiative, Sucuri’s founders emphasized that SSL support is not a magic wand that instantly makes your website secure, since it only protects information transferred between the browser and web server.

“Even though we are providing SSL certificates to all our clients, we don’t subscribe to the idea that every website needs HTTPS enabled,” Sucuri CTO Daniel Cid said. “The idea that this makes for a more secure web is inaccurate.”

Cid and co-founder Tony Perez share a perspective tempered by years of experience fixing hacked websites. The majority of compromises come through brute force attacks, software vulnerabilities, and DDOS attacks.

In a post titled HTTPS Does Not Secure Your Website, Sucuri CEO Tony Perez identified three general instances where SSL is essential: when transferring personal identifiable information, transaction data in e-commerce, and other sensitive data. Outside of these scenarios, HTTPS is not as critical.

“I have no doubt that HTTPS will continue to grow in popularity,” Perez said. “What I take exception to is when technology professionals say that one of the driving factors for HTTPS is it’ll secure your website, because it won’t.”

Sucuri only recommends HTTPS for customers who are already taking security seriously and want to add protection for data in transit. The company suggests putting more basic security measures in place first – keeping your software updated, implementing intrusion detection, getting code reviews, and storing passwords securely.

Would you like to write for WP Tavern? We are always accepting guest posts from the community and are looking for new contributors. Get in touch with us and let's discuss your ideas.

7 Comments


  1. this ssl is for all sucuri customers ? or only paid customers ?

    i think Sucuri make this offer only for paid and premium members

    Report


  2. Outside of these scenarios, HTTPS is not as critical.

    It may not be as critical, but I still consider it critical, even for simple static websites. https is the only usable method we have to prevent editing of content between server and browser.

    Report


  3. I do agree with Daniel Cid when he says that, “not everyone needs HTTPs enabled.” However I still recommend to all of my clients who are participating in an SEO campaign that they do install an SSL. The slight preference that Google gives to SSL websites is worth the investment alone.

    Report


  4. Do you know: Sucuri has different packages for non-SSL: and SSL. If you used SSL, it has higher price :) Simply!

    Report

Comments are closed.