Now, don’t get us wrong, we are totally pro website security. In fact, we have written so much on Joomla security to prove that. However, we think that sometimes security is applied to the wrong place. An example of this is running a whole Joomla website in HTTPS mode.
For those who don’t know, HTTPS ensures that any request sent and received from the website is encrypted to avoid digital eavesdropping, which is a great idea when the person is doing something important, like logging to a backend or doing activities in that backend. Other than that, it’s just unnecessary.
The problem is, there are many Joomla websites out there that have HTTPS enabled across the board, either because of a common misconception that websites would be more secure with HTTPS (which is not true, as HTTPS is never about website security, but about the security/secrecy of the transmitted data) or because administrators want to enable HTTPS mode in the backend, but are enabling it globally to avoid issues (such as this one).
Whatever the reason is, we think it’s unprofessional to run an entire Joomla website in secure mode – it just means that the administrator knows nothing about security or knows a bit about security but doesn’t know how to implement his knowledge properly. If you’re one of those administrators, then fear not, we can help! Just contact us and we’ll fix the problem for you in no time and at a very affordable cost.