Taking security seriously at DigitalSociety.org
Here at DigitalSociety.org, we believe that cyber security should be everyone’s priority. So what better way to prove our sincerity than by eating our own dog food and implementing Secure Sockets Layer (SSL) security on our own website? DigitalSociety.org does not use unencrypted communication protocols such as standard Hyper Text Transfer Protocol (HTTP) and File Transfer Protocol (FTP); we use encrypted HTTPS and Secure Shell FTP (SFTP) for all sensitive communications.
To be honest, implementing these strict security guidelines poses the following challenges.
- It is not possible to implement SSL on your website unless you’re running on your own dedicated IP address, which rules out the cheapest website hosting options. This isn’t a problem for us because we have our own dedicated physical server and IP addresses, which cost a lot less than people think. Hosting a 1U server costs as little as $35 a month for sites that need less than 350 gigabytes of file transfers a month. A basic 1U server can be procured for less than $500, and one capable of hosting multiple virtual servers for less than $1000. You have to set it up yourself, but the benefit is that you get full control of the server.
- WordPress won’t let you run web-based automatic updating or uploading without FTP or FTP over SSL (FTPS). Unfortunately, running FTPS is a nonstarter because it doesn’t pass through firewalls easily due to its requirement for a secondary dynamic port, and FTP is a nonstarter because it is not encrypted. This isn’t a problem for us because we have a dedicated server, which means we can do the updating on the server itself, or we can do the updates using an out-of-band SFTP solution. This would not be possible on a shared hosting account, but it would be possible on a dedicated server or a Virtual Private Server (VPS) that costs around $20/month.
The end result of all this is that we protect not only our administrator login information but also our subscribers’ login information. Most websites are not going to bother implementing this level of security, but we hope to change that by spreading the word on good security. Security starts at home, and we hope to lead the way on cybersecurity and many other issues.