I’ve seen a lot of sites that don’t use HTTPS by default. I’ve heard the argument, “We don’t need it. We’re not e-commerce.” This is absurd thinking:
- You are probably using some sort of CMS product, possible a popular one like WordPress, Magento, Joomla, etc.
- There is a good chance that you are not keeping them as updated as you should, but for arguments sake, let’s assume that you are (or pretend to be).
- All of these products have default administrative login paths. If you monitor your logs, you will notice that bots from all over the world are hitting this default path constantly.
Read more: Why HTTPS? Here Are the 5 Reasons Folks
Step 1: Change your default admin path!
If you are on WordPress, there are several …