Most web users will be aware that if you enter you are asked to enter your credit card details or personal information online, you should always check for a padlock sign in the address bar. This indicates that the information you are entering is encrypted before being sent and is therefore less likely to end up in the wrong hands.
You’ll notice that the address of any web page with a padlock icon will start with https:// instead of http:// – for example https://www.candlelearning.com. In order to use https:// in your address you need to have what’s called an “SSL Certificate”.
Web browsers Google Chrome and Firefox have recently set out on a mission to make the web more secure. Any web pages that ask for sensitive information, but don’t have https:// in their address will be marked as insecure (see: Moving towards a more secure web). Crucially for e-learning platforms, this includes any web pages that ask for a password (such as your login area).
If your LMS (Moodle / Totara etc.) is not set up to use https:// in its web address, visitors using Google Chrome or Firefox web browsers will see a crossed out padlock and a notification like this when they try to log in:
Upon seeing this, some users will question the credibility of your platform and it may be enough to put them off using your resources altogether. It is therefore worth taking steps to ensure your platform can use https:// as soon as possible.
Thankfully there are some quick (and free) solutions available.
CloudFlare is a service that we often recommend for clients. It is acts as a firewall for your website / e-learning platform and improves its security and performance. The Free plan also comes with a Shared SSL Certificate, which allows you to use https:// in your website address.
Let’s Encrypt is another free service that provides SSL certificates. It’s a little more complex to implement than CloudFlare, because it requires access to the webserver – but is becoming quite popular on the web.
Both CloudFlare and Let’s Encrypt are available with many web hosting providers (such as DreamHost) and can often be enabled from your dashboard with a few clicks.
If your web hosting has CPanel, look out for this section to enable it:
If you would like any help in ensuring that your platforms such as Moodle, Totara LMS and WordPress handle passwords securely, feel free to get in touch.