Website Security

Hi.

I was checking some posts about SSL certificates, and in one post admin said that we already have enabled self-signed certificates.

So, that means I don’t have to worry if I create a registration form on my website and I don’t have bought regular SSL and will self-signed SSL certificate protect my database from SQL injection or other hacker actions?

SSL will not protect your website against hackers. If your script is vulnerable to SQL injection, then hackers can exploit it regardless of whether they use HTTP or HTTPS. There is no magic button on your hosting account which will fully protect a website against all hackers (except for the button to remove a domain from your account, of course).

SSL only protects against a hacker spying on your internet connection.

Is MyBB vulnerable to SQL injection?

@Robciks1234 said:
Is MyBB vulnerable to SQL injection?

Possibly, but if your installation and plugins are up to date you should be pretty safe. Older versions may contain unfixed security issues which might include SQL injection vulnerabilities.

Also, will self-signed SSL certificate would make online payments on my website safe?

@Robciks1234 said:
Also, will self-signed SSL certificate would make online payments on my website safe?

Users will see a big red page saying there SSL certificate is invalid when visiting your website with HTTPS if you’re using the self signed certificate. You need to get a valid SSL certificate to get a green lock in the address bar of your visitor and offer a proper, safe connection. So I think it’s a moot point.

But generally speaking, using HTTPS only helps to prevent snooping on the internet connection between your visitor and your website. If your website (or the computer of the visitor) is broken and exposing private information, using SSL will not fix that.

@Robciks1234 said:
Also, will self-signed SSL certificate would make online payments on my website safe?

You can get a Comodo SSL Certificate for free for 90 days (I think you can renew it), I use one on my site and it’s trusted on all browsers except Samsung and Firefox because I can’t install the CA Authority. But otherwise, it works really well! https://ssl.comodo.com/free-ssl-certificate.php

@TristianK3604 said:

@Robciks1234 said:
Also, will self-signed SSL certificate would make online payments on my website safe?

You can get a Comodo SSL Certificate for free for 90 days (I think you can renew it), I use one on my site and it’s trusted on all browsers except Samsung and Firefox because I can’t install the CA Authority. But otherwise, it works really well! https://ssl.comodo.com/free-ssl-certificate.php

On the other browsers I tested (Chrome, Microsoft Edge, and more) it was trusted and when I looked at the certificate details, it showed the CA Authority, but apparently Firefox and Samsung don’t auto-install CA Authorities for websites that are missing it.