Posh Security

View Original

Planet PowerShell Announcement - Enforcing HTTPS

Planet PowerShell

Planet PowerShell has grown over the last 18 months since its launch. The community has grown to over 60 talented individuals, with great content posted every day. During this time, I've been very cautious of making many significant changes, but this is about to change.

I've been working on some plans to improve Planet PowerShell and will be sharing the roadmap in the next few weeks. I wanted to make the first announcement early as it may require work from the content authors. I want to be sure that everyone is aware of this change.

From the 1st of August 2018, Planet PowerShell will only support aggregating blogs that support HTTPS. Not only that, but we will also validate the certificates presented. Any blogs that don't support HTTPS with a valid certificate will be removed from Planet PowerShell.

Why am I making this change? Simply, I'm making this change to make the world a safer place. There are many great reasons for making the switch:

  • Protecting people’s privacy
  • The browsers are starting to mark HTTP as insecure
  • HTTPS gets better rankings in search engines
  • HTTP 2 provides significant performance benefits.

I really can’t find a reason not support HTTPS on your blog. Getting a certificate is extremely easy and there are free options available. You can get a free certificate from Let’s Encrypt, put your blog behind CloudFlare for free or if you're a Microsoft MVP, DigiCert can issue one to you. If you're using GitHub pages, you can find extra guidance at Troubleshooting custom domains.

This gives everyone over 6 ½ weeks to prepare for this change. I've already gone through and identified blogs who are currently using HTTP but support HTTPS, I'll merge update for these shortly.

Currently are around 10 blogs that don’t support HTTPS, or have invalid certificates. I've created an Issue on GitHub to track this change and will include everyone whose blog doesn’t support HTTPS there.