And there was much rejoicing.
Today Let’s encrypt, the free provider of SSL certificates, is now offering Wildcard certificates to the public. Wildcard certificates differ from normal SSL certificates as they allow any subdomains under the registered domain to be protected using the same certificate. (For example, subdomain.domain.com, in this case “subdomain” can be anything you want it to be on your site, offering an easy way for developers to divide up content and functions to different parts of the site)
This is great news for Internet security. Now almost all sites on the web can have access to free certificates to protect them. The aside to this is if you are an E-commerce site, you are most likely still using a verified certificate, which costs money (and is a pain to set up) though this is by no means required by any regulating bodies.
Many sites remain without protection, however. Many run without any ssl certificates at all, or do not have their site configured to require HTTPS communication. Despite barriers to good security being lower than ever, many are simply not informed, or willfully ignorant of the risks involved.
I won’t get too preachy, but if you run a website, it should have SSL, and it is now incredibly easy to do so. If you are a consumer, and you stumble upon a site that has a red warning in the URL bar, or lacks the “https://” that should come before the address, email the sites owners.