I’ve seen a lot of sites that don’t use HTTPS by default. I’ve heard the argument, “We don’t need it. We’re not e-commerce.” This is absurd thinking:
- You are probably using some sort of CMS product, possibly a popular one like WordPress, Magento, Joomla, etc.
- There is a good chance that you are not keeping them as updated as you should, but for argument's sake, let's assume that you are (or pretend to be).
- All of these products have default administrative login paths. If you monitor your logs, you will notice that bots from all over the world are hitting this default path constantly.
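
The bot traffic described in the last point can be measured directly from your access log. The following is an added example, not part of the original post: it counts requests to default admin paths per client IP, assuming Combined Log Format; the sample lines, the addresses, and the `min_hits` threshold are constructed for illustration.

```python
import re
from collections import Counter

# Path segments of default admin logins (WordPress, Joomla, Magento).
# Matching by segment also catches subdirectory installs such as /blog/wp-login.php.
ADMIN_SEGMENTS = {"wp-login.php", "wp-admin", "administrator", "admin"}

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*"')

# Constructed sample log (documentation IP ranges), including one unparseable line.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:04:11:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:04:11:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:04:11:05 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:04:12:40 +0000] "GET /administrator/index.php HTTP/1.1" 404 162 "-" "curl/8.0"
198.51.100.23 - - [10/Mar/2024:04:12:41 +0000] "GET /blog/wp-login.php?redirect_to=%2F HTTP/1.1" 404 162 "-" "curl/8.0"
192.0.2.50 - - [10/Mar/2024:04:13:00 +0000] "GET /about/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
garbage line that does not parse
"""

def is_admin_path(path):
    """True if any segment of the URL path (query string ignored) is a default admin name."""
    segments = path.split("?", 1)[0].lower().split("/")
    return any(seg in ADMIN_SEGMENTS for seg in segments)

def admin_path_hits(lines, min_hits=2):
    """Return ({ip: {"hits": n, "posts": n}}, skipped_line_count) for IPs with >= min_hits."""
    hits, posts, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # count malformed lines instead of silently dropping them
            continue
        if is_admin_path(m["path"]):
            hits[m["ip"]] += 1
            if m["method"] == "POST":   # POSTs to a login path are credential attempts
                posts[m["ip"]] += 1
    report = {ip: {"hits": n, "posts": posts[ip]} for ip, n in hits.items() if n >= min_hits}
    return report, skipped

if __name__ == "__main__":
    report, skipped = admin_path_hits(SAMPLE_LOG.splitlines())
    for ip, stats in sorted(report.items(), key=lambda kv: -kv[1]["hits"]):
        print(f'{ip}: {stats["hits"]} admin-path requests, {stats["posts"]} POSTs')
    print(f"unparsed lines: {skipped}")
```

Segment matching trades precision for coverage, so a legitimate URL that contains an `admin` segment will also be counted; narrow `ADMIN_SEGMENTS` to the CMS you actually run.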
Note: If you are using WordPress, consider forcing HTTPS using the WP Force SSL plugin or modifying your wp-config.php.
Step 1: Change your default admin path!
If you are on WordPress, there are several …