Wikipedia:Secure server

From Wikipedia, the free encyclopedia

Wikimedia used to have a designated secure server (2005–2011) that was used for accessing Wikimedia projects with an encrypted connection. In 2011, all the main web server addresses at Wikimedia started supporting encrypted connections. In 2013, encryption became the default for logged-in users. As of 2015, unencrypted access is no longer possible. Refer to the "HTTPS" article at Meta-Wiki for more information about the current state of encryption on Wikimedia projects.

This page reflects the historical state from the time that encryption was optional.

Possible problems[edit]

There are some cases that can break HTTPS security, which you should watch out for. Your browser may warn you, and you should report these problems (e.g. at Wikipedia:Village pump (technical)):

  • Some links take you back to the normal servers. (Learn more in the sections below.)
  • Most scripts and css are loaded through the secure server, but if you add scripts or gadgets that make connections to external services then these might break the secure connection.
  • Performance: some overhead is imposed by SSL, as ~1% of server CPU, some traffic, some client CPU, some delay in the first connection. For related discussion, see posts on Stack Overflow: [1], [2].

But still very useful[edit]

There are several situations when the secure server can be useful:

  • Using the secure server gives some protection against eavesdropping, and most of all it protects against others snooping your Wikipedia password or cookie (for example with tools like Firesheep). Eavesdropping is a problem especially when connecting through a wireless network, a company or school network, or a public computer such as an Internet café.
  • Some users have a bad Internet connection that intermittently mangles characters. This can cause all kinds of weird problems while editing pages. This mostly happens when connected over wireless or mobile networks. Using the secure server fixes this, since the secure connection has much better error detection than the normal connections.
  • Some Internet access points (such as public Wi-Fi networks at some hotels or cafes) inject banner ads into all kinds of web pages including Wikipedia; using the secure server prevents this.

Logged in or not[edit]

You don't have to be logged in to use the secure server. However, if you have a Wikipedia account, be aware that the secure server handles login separately from the normal servers, so when you go to the secure server for the first time, you won't be logged in there. However, you can log in there using your normal Wikipedia account, and you can be logged in to the secure server and the normal servers at the same time.

Local links[edit]

When using the secure server, most local links automatically use the secure server. When using external links you need to take an additional step. For instance, here's a link to a search for the words "secure server":

[ Search]

Instead consider writing:

[// Search]

To get what is known as a protocol relative link. It will use https for readers using https and http for readers using http.


However, there is no need to hardcode local links. If you need to add query parameters to a link, for instance when making links to special pages, then you can use the magic word "{{fullurl:}}".

[{{fullurl:Special:Search | search=secure+server&fulltext=Search&ns4=1&ns5=1 }}  Search]

Links to other projects[edit]

Like wikilinks within Wikipedia (see previous section), InterWikimedia links, i.e. wikilinks to other Wikimedia projects such as Wiktionary, are usually adjusted to the secure server.

Force links to the secure server[edit]

There is the {{sec link}} template that always creates a secure link. It can make both local links and links to other Wikimedia projects. You can for instance put that template on your user page and feed it the appropriate parameters to make a link to the project, language and page that you want.

If you need to reach a non-English version of one of the projects, then {{sec link}} can do that too, but you can also do it by hand:

First go to the English version of the project by using the start page of the secure server. Then manually edit the URL in the address bar to change the part that selects the language. For instance, the German language prefix is "de", so change this: (English Wikipedia)

To this: (German Wikipedia)

After you made such a link, you can save it in your browser's bookmarks, or save it on your user page. But don't put such hardcoded links in other pages or templates, since users who are connected to the normal servers probably don't want to be sent to the secure server.

The old server[edit]

The old secure server with URLs like has been deprecated since October 2011 and is no longer supported. As of 14 November 2012, it has been a redirect to

Check for yourself[edit]

If you are interested in the details of the secure connection being offered by the services, then you can inspect it with tools like: SSL Labs or SSL analyzer. The following details are non-authoritive information:

The current certificate is valid until 24 January 2019
SHA-256 fingerprint
68 55 49 46 13 AC 3A 18 6E 8A 16 5C BD 79 12 B7 F1 99 BC 8E 25 F6 1B 60 78 71 B0 8B 06 EC A6 C9
SHA-1 fingerprint
0F FB 95 52 F3 B1 3E CF AB 6E 82 8C 60 88 A2 0F D0 04 4E 4E

See also[edit]

External links[edit]