Do you sometimes click on a link in your web browser and find that the site you are taken to is completely different from the one you expected? It can happen quite innocently if a site has moved to a new address, perhaps due to a company takeover. It can also simply mean the old site has gone and the domain has been bought by a squatter, in which case you may see a page full of advertisements. More worryingly, it could mean that your internet router has been hacked – try swapping the router. But the problem I’m talking about here is a known limitation of old browsers on encrypted connections.
You may have noticed that many websites now make you use a secure connection – with a green padlock, and https instead of http in the address.
The reason is simple – without encryption, anyone can snoop on your connection and see your passwords, which is disastrous if you’re shopping online or even just checking your email. Worse still, hackers can redirect your connection to a convincing “phishing” site without your knowledge. Encrypted connections prevent that.
The problem was, until recently every secure website needed its own separate IP address and security certificate, which was expensive and difficult to set up (IPv4 addresses are in short supply). That all changed in 2016 because Microsoft finally retired the old versions of Internet Explorer that required separate IP addresses, and because an organisation called Let’s Encrypt started offering free automated certificates. Problem solved.
Except that a lot of people are still hanging on to Windows XP (unwisely, because it’s now very insecure and a big target for hackers). Internet Explorer on Windows XP can’t handle secure sites on shared addresses (it doesn’t support “SNI“) which means it will show you completely the wrong site.
The solution is simple – use Chrome or Firefox (or even Microsoft Edge) instead of Internet Explorer. As a bonus, modern browsers allow you to install an Ad Blocker to make your browsing much more pleasant. Since ads can contain malware your browsing will be more secure (and faster) as well.
Update: There’s a useful article about migrating WordPress sites to SSL on the cloudliving blog.