I’m impressed. Really. And I’ll tell you why in a second: Due to a misconfiguration, a secure connection (HTTPS) has been enforced for all visitors coming to this blog for a few months now. I didn’t notice this at first, because I use a special WordPress plugin to enforce HTTPS for the admin user (myself) only. Actually, administering this blog in a secure way is the only reason I started to offer HTTPS access to this blog at all.

To save myself a few bucks, I used my own certificate authority to issue myself a certificate. I guess that a maximum of 5 visitors/day trust this certificate authority by default. And this is a very optimistic guess. This means that for most visitors, it was very difficult to actually access this blog, because modern browsers nag the user very much if they detect any certificate issues with a site.

Still – and that’s what I am so impressed with – I lost only about one third of the visitors by enforcing a secure connection. And I get a lot of visitors – especially through search engines. It seems that most visitors who come in via Google, for example, do not really care if they need to dismiss a number of security warnings to access this site. Or most visitors of this blog have disabled these checks. I don’t know.

What this probably means is that
- most of you are technically savvy
- and you care enough to take the additional work required to access the content on this site.
Still, I disabled HTTPS enforcement again because
- it kept most feed readers out (I can only guess how many people were affected by this, because I don’t really track the number of subscribers to my RSS feed)
- and one third of the visitors of this blog is still a lot of visitors if you just look at the bare numbers.
Anyway, I thought that I would lose a lot more visitors by enforcing HTTPS with a self-signed certificate. You proved me wrong ;).