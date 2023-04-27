The number of Public Administration websites that have correctly configured the HTTPS protocol doubled, going from 4,149 to 9,022, and those that still use the unsecure HTTP decreased, dropping to 223. Sites reporting serious security problems and misconfigured ones. Wordpress, on the other hand, is confirmed as the most used CMS.

These are some of the data that emerged from third monitoring created by AgID on the use of the HTTPS protocol and on the update status of the CMS on the PA systems. Here are the details.

The tracking

Envisaged by the Three-Year Plan for information technology in the PA, the monitoring involved 21,700 institutional portals – of which 18,096 can be accessed correctly – present in the IPA, the index of digital domiciles of the Public Administration and Public Service Managers. For 9,108 sites it was also possible to proceed with the detection of the version of the CMS used.

Improve the security of PA sites

In the 2022 survey, AgID found an increase in Public Administration sites that can be considered safe (47%), more than doubled compared to last year. The almost correctly configured sites, on the other hand, are 11%: these are sites that already use the HTTPS protocol but the configuration, although not immediately vulnerable, is no longer considered suitable for modern standards.

Sites reporting serious security issues dropped from 53% to 41% this year. In particular, there was an improvement in redirects from HTTP to HTTPS, a decrease in sites that redirected to HTTP, a decrease of almost 1,800 sites that had the incorrect certificate and a halving of sites that used TLS 1.0 certificates at most and TLS 1.1.

The sites considered “unrecoverable”, ie those that do not use the HTTPS protocol, represent 1% of the total. Compared to last year, they have decreased by 34%, going from 340 to 223, while the number has halved compared to the scan two years ago (they were 445 in 2020).

The Content Management Systems (CMS) used for the PA sites

The number of sites using the most up-to-date version of their CMS also increased by 8%. At present, that’s about a quarter of domains that use a CMS. However, half of the domains with a CMS are not updated to the latest version.

Wordpress is confirmed as the most used CMS in the Public Administration: in fact, 57.15% of the sites use it. Then follow Joomla (24.71%) and Drupal (8.72%).

Compared to the previous monitoring, the number of sites created with WordPress has grown from 4,490 to 5,205 sites, while the data relating to the use of Joomla and Drupal remain almost unchanged.

Finally, exactly one year after making the self-test service of the HTTPS and CMS configuration reserved for the PA, a total of 549 analysis requests were processed from public organizations registered on the IPA.