What Is HSTS? - WPDesigns

What Is HSTS?


What Exactly Is HSTS?

You have most likely heard of HTTP and HTTPS, but perhaps not HSTS.

If you see HTTP, the site data is unprotected in transit and is susceptible to a man-in-the-middle attack: the browser and the server are not directly connected, so a router along the path can read and manipulate the unencrypted data. HTTPS means that the data is encrypted and decrypted only by the relevant parties, and during transmission it is unreadable to anyone trying to view it.

HSTS (HTTP Strict Transport Security) forces a website to make all of its responses over an HTTPS connection instead of an unencrypted HTTP connection. This makes it impossible for an attacker to read or modify the data while it is being transmitted over the web.

How Does HSTS Work?

Enabling HSTS forces the connection to be HTTPS if it is available. It does this by instructing the browser to connect to the server and the domain only through HTTPS.

Example of HSTS

Imagine logging on to your online banking through a public wifi connection where, instead of the genuine access point, you have joined one that a hacker has set up with a plausible-sounding name. The hacker can take the user's request for the bank website and redirect it to a cloned version of the site that operates over HTTP. This HTTP connection allows the hacker to read and collect all of the personal and sensitive information that you input.
If you have accessed the bank site before, HSTS will automatically force an HTTPS connection and prevent the man-in-the-middle attack.


Benefits of Using HSTS

  1. HSTS will protect you against HTTP downgrade attacks (SSL stripping attacks) by forcing all connections through HTTPS.
  2. If a domain has mixed content, HSTS will upgrade the connection to HTTPS rather than use the vulnerable HTTP.
  3. If a server cannot validate the certificate of a website then the connection is aborted.

Conclusion on HSTS

HSTS is a simple and highly effective way to secure yourself against man-in-the-middle attacks and to protect all of your data and personal information while it is being transmitted.
By forcing the HTTPS upgrade, the attacker is unable to read the data even if the network is compromised, as the browser is forced to use an HTTPS connection.
HSTS makes sure that all the communication data is encrypted, sent and received by the correct parties and not leaked to anyone else.

Simple Ways to Upgrade to HTTPS

You can find some options in common browsers, such as “HTTPS Everywhere”. This will force your browser to view every page through an HTTPS connection and is very useful when browsing the web. This browser extension was created by the Electronic Frontier Foundation and is available for the Mozilla Firefox, Google Chrome and Opera browsers.

If you run WordPress on your website, you can use plugins such as “Really Simple SSL” to help secure your site if you already have an existing certificate and want to run the site through HTTPS.
