Hi
Tech question: Sometimes I am logging in to wordpress websites that does not support or creates problems if I try to use https, usually because they are on shared hosting.
If I connect to them from my home, for someone to see the login info I send to the server I assume they have to be at either close to the wordpress server or at my ISP providers office,
But if I use a vpn, someone could just figure out where the vpn servers are for avast and locate themselves near one of the vpn servers exit points and sniff all of my non-SSL traffic all the time instead of having to be near the specific server I connect to at a given moment. Because the traffic is just protected between me and the vpn provider but not between the vpn and where I want to connect to.
yes but what I say is that sometimes shared hosting does not offer SSL support on the domain I register on the account there.
So instead they offer me to use their shared SSL so that when I connect to wp login I need to use the url like https://secure-shared-company-official-SSL.my-own-domain-name.com/wp-admin
and that often just makes worpress behave really strange and it usually says that my connection is unsafe etc. etc… and breaks various links and stuff inside the admin backend.
If I oversimplify this, it’s probably better to encrypt traffic around your endpoint. It’s not particularly practical to attack server endpoints if you have no personal connections or you are not three-letter agency. Your employer, flatmate, local ISP might have more reasons to observe your traffic making VPN practical (as it moves unencrypted traffic farther from people that might have interest in you). Take this with a grain of salt though, unencrypted is just that. There is still possibility that somebody observes traffic near servers and even if they do not care about you specifically, they may not hesitate to take an advantage of your data when they pop in front of them.