:Wikipedia:Secure server

There are some cases that can break HTTPS security, which you should watch out for. Your browser may warn you, and you should report these problems (e.g. at Wikipedia:Village pump (technical)):

• Some links take you back to the normal servers. (Learn more in the sections below.)
• Most scripts and css are loaded through the secure server, but if you add scripts or gadgets that make connections to external services then these might break the secure connection.
• Performance: some overhead is imposed by SSL, as ~1% of server CPU, some traffic, some client CPU, some delay in the first connection. For related discussion, see posts on Stack Overflow: [//stackoverflow.com/questions/149274/http-vs-https-performance], [//stackoverflow.com/q/548029/287948].

There are several situations when the secure server can be useful:

• Using the secure server gives some protection against eavesdropping, and most of all it protects against others snooping your Wikipedia password or cookie (for example with tools like Firesheep). Eavesdropping is a problem especially when connecting through a wireless network, a company or school network, or a public computer such as an Internet café.
• Some users have a bad Internet connection that intermittently mangles characters. This can cause all kinds of weird problems while editing pages. This mostly happens when connected over wireless or mobile networks. Using the secure server fixes this, since the secure connection has much better error detection than the normal connections.
• Some Internet access points (such as public Wi-Fi networks at some hotels or cafes) inject banner ads into all kinds of web pages including Wikipedia; using the secure server prevents this.

You don't have to be logged in to use the secure server. However, if you have a Wikipedia account, be aware that the secure server handles login separately from the normal servers, so when you go to the secure server for the first time, you won't be logged in there. However, you can log in there using your normal Wikipedia account, and you can be logged in to the secure server and the normal servers at the same time.

When using the secure server, most local links automatically use the secure server. When using external links you need to take an additional step. For instance, here's a link to a search for the words "secure server":

[http://en.wikipedia.org/w/index.php?title=Special:Search&search=secure+server&fulltext=Search&ns4=1&ns5=1 Search]

Instead consider writing:

[//en.wikipedia.org/w/index.php?title=Special:Search&search=secure+server&fulltext=Search&ns4=1&ns5=1 Search]

To get what is known as a protocol relative link. It will use https for readers using https and http for readers using http.

:[//en.wikipedia.org/w/index.php?title=Special:Search&search=secure+server&fulltext=Search&ns4=1&ns5=1 Search]

However, there is no need to hardcode local links. If you need to add query parameters to a link, for instance when making links to special pages, then you can use the magic word "{{fullurl:}}".

[{{fullurl:Special:Search | search=secure+server&fulltext=Search&ns4=1&ns5=1 }}  Search]

:[{{fullurl:Special:Search | search=secure+server&fulltext=Search&ns4=1&ns5=1 }} Search]

Like wikilinks within Wikipedia (see previous section), InterWikimedia links, i.e. wikilinks to other Wikimedia projects such as Wiktionary, are usually adjusted to the secure server.

{{Cleanup|reason=the sec link template was deleted in 2019.|date=March 2021}}

There is the {{tl|sec link}} template that always creates a secure link. It can make both local links and links to other Wikimedia projects. You can for instance put that template on your user page and feed it the appropriate parameters to make a link to the project, language and page that you want.

If you need to reach a non-English version of one of the projects, then {{tl|sec link}} can do that too, but you can also do it by hand:

First go to the English version of the project by using the start page of the secure server. Then manually edit the URL in the address bar to change the part that selects the language. For instance, the German language prefix is "de", so change this:

:https://en.wikipedia.org/ (English Wikipedia)

To this:

:https://de.wikipedia.org/ (German Wikipedia)

After you made such a link, you can save it in your browser's bookmarks, or save it on your user page. But don't put such hardcoded links in other pages or templates, since users who are connected to the normal servers probably don't want to be sent to the secure server.

The old secure server with URLs like https://secure.wikimedia.org/wikipedia/en/wiki/ has been deprecated since October 2011 and is no longer supported. As of 14 November 2012, [//www.gossamer-threads.com/lists/wiki/wikitech/312669 it has been a redirect] to https://en.wikipedia.org/wiki/.

If you are interested in the details of the secure connection being offered by the services, then you can inspect it with tools like: [https://www.ssllabs.com/ssltest/analyze.html?d=en.wikipedia.org SSL Labs] [https://sslanalyzer.comodoca.com/?url=en.wikipedia.org or SSL analyzer]. The following details are non-authoritive information:

;Validity: The current certificate is valid until 24 January 2019

;SHA-256 fingerprint: 68 55 49 46 13 AC 3A 18 6E 8A 16 5C BD 79 12 B7 F1 99 BC 8E 25 F6 1B 60 78 71 B0 8B 06 EC A6 C9

;SHA-1 fingerprint: 0F FB 95 52 F3 B1 3E CF AB 6E 82 8C 60 88 A2 0F D0 04 4E 4E

• Wikipedia:Security
• Wikipedia:Personal security practices
• Wikipedia:On privacy, confidentiality and discretion
• Wikipedia:Wikipedia is in the real world

• [https://www.wikipedia.org/ Wikipedia with HTTPS protocol]
• [https://www.eff.org/https-everywhere/ HTTPS Everywhere] created by Electronic Frontier Foundation
• [https://code.google.com/p/https-finder/ HTTPS Finder]
• [http://www.gossamer-threads.com/lists/wiki/wikitech/232900 Status of SSL access to Wikipedia?] (Wiktech-l discussion, April 2011, lists some relevant bugs)

Category:Wikipedia how-to