In this article, you will learn about a few safety measures that Cloudways recommends you take after deploying an SSL certificate. Installing an SSL certificate alone is not enough to protect your website, because intruders can still bypass the security layers you have implemented. Using these suggested methods can enhance your website’s security.
Recommended Measures After Installing SSL Certificate
Here are a few security measures that you should take after deploying an SSL Certificate.
1. Redirection from HTTP to HTTPS
As discussed earlier, intruders can still bypass your security layers even if you have an SSL certificate deployed on your website, or they may access your website over the unsecured HTTP protocol just by typing http:// before your website URL. To avoid this, you need to redirect your website from HTTP to HTTPS.
2. Enabling HSTS (HTTP Strict Transport Security) Policy
Enabling HSTS will limit SSL protocol attacks and cookie hijacking. It will also allow websites to load faster by removing a step in the loading procedure. As you might know, HTTPS is a massive improvement over HTTP, and it is not vulnerable to being hacked. Still, a very common hack exists for websites that force HTTPS redirection to send visitors from the HTTP to the HTTPS version of the website. It is called SSL Stripping and comes under the category of Man-In-The-Middle (MITM) attacks. Read more about this and about the procedure of enabling the HSTS policy here.
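The check below is an added example, not Cloudways code: it takes the responses a site returns over http:// and https:// and reports whether the redirect and the HSTS header from measures 1 and 2 are in place. The function names, the sample responses and the 180-day minimum max-age are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Split a Strict-Transport-Security value into lowercase directives."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"')
    return directives

def audit(http_resp, https_resp, min_age=15552000):
    """Return findings for one site; an empty list means both measures hold.

    Each response is (status, headers) fetched without following redirects.
    min_age (180 days) is an assumed threshold, not a value from the article.
    """
    findings = []
    status, headers = http_resp
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    if status not in (301, 302, 307, 308) or urlsplit(location).scheme != "https":
        findings.append(f"http: status {status} does not redirect to an https:// URL")

    secure = {k.lower(): v for k, v in https_resp[1].items()}
    raw = secure.get("strict-transport-security")
    if raw is None:
        findings.append("https: Strict-Transport-Security header is missing")
        return findings
    age = parse_hsts(raw).get("max-age", "")
    if not age.isdigit():
        findings.append("https: HSTS max-age is missing or not a number")
    elif int(age) < min_age:
        findings.append(f"https: HSTS max-age {age} is below {min_age} seconds")
    return findings

# Constructed sample responses (not captured from a real site).
GOOD = ((301, {"Location": "https://example.com/"}),
        (200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}))
WEAK = ((302, {"Location": "http://example.com/home"}),
        (200, {"strict-transport-security": "max-age=300"}))

if __name__ == "__main__":
    for name, (plain, tls) in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit(plain, tls) or "ok")
```

To audit a live site, pass in the status and headers from one request to the http:// URL and one to the https:// URL, both made with redirect following turned off.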
Optional: Disabling TLS v1.0 and v1.1
Cloudways currently supports TLS v1.0, v1.1, v1.2, and v1.3, and these TLS versions are supported by many websites as well as web browsers. An earlier version of TLS such as v1.0 was prone to attacks like BEAST and POODLE, which is why it is not recommended to use this TLS version when your website (such as an eCommerce website) deals with sensitive information. There are no vulnerabilities found in TLS v1.1, but it is based on a combination of two cryptographic hash functions, MD5 and SHA-1, and both are broken. Although the PRF (Pseudo-Random Function) of TLS v1.1 is not broken, it is better not to use it. Moreover, TLS v1.0 and v1.1 will be obsoleted on March 31, 2020.
Cloudways gives you complete freedom to choose the TLS versions of your application via the Cloudways Platform based on your requirements and to deselect those versions which you no longer need.
These essential steps will ensure that you are making the most of the security features offered by Cloudways to protect your visitors and make the communication between visitors and your website as secure as possible.
That’s it! We hope this article was helpful. If you need any help, then feel free to search your query on Cloudways Support Center or contact us via chat (Need a Hand > Send us a Message). Alternatively, you can also create a support ticket.