• Home
  • About Us
  • Advertise
  • Archives
  • Contact Us
  • Smartphone Prices
Tuesday, June 30, 2026
Tech Pilipinas
  • Telecoms
  • Government
  • Fintech
  • Internet
  • Social Media
  • Tutorials
  • Entertainment
  • E-commerce
  • Deals
  • More
    • Gaming
    • Gadgets
    • Mobile
    • Apps
    • Business
    • News
    • Security
No Result
View All Result
  • Telecoms
  • Government
  • Fintech
  • Internet
  • Social Media
  • Tutorials
  • Entertainment
  • E-commerce
  • Deals
  • More
    • Gaming
    • Gadgets
    • Mobile
    • Apps
    • Business
    • News
    • Security
No Result
View All Result
Tech Pilipinas
No Result
View All Result

Home » Security » Many Philippine Government Websites Are Still Not Secure

Many Philippine Government Websites Are Still Not Secure

It's already 2019, but many Philippine government agencies still have not implemented basic website security such as HTTPS encryption

Luis Reginaldo Medilo by Luis Reginaldo Medilo
December 15, 2025
in Security, Government
Follow us on Google
Philippine government websites
46
SHARES
Share on FacebookShare on Twitter

In light of recent cybersecurity mishaps such as the alleged DFA passport data breach, how serious is the government when it comes to protecting the privacy of Filipino citizens?

If we look at some of the websites owned and managed by the Philippine government, it seems that the online security and privacy of ordinary Filipinos are the least of their concerns. After all, many Philippine government websites still don’t have HTTPS encryption, which is the most basic feature of website security at a time when hackers and cybercriminals run rampant.

As early as 2016, Google has started warning Internet users about the risks of visiting insecure websites without TLS or SSL certificates. Insecure websites pose security and privacy risks to Internet users due to the lack of encryption when handling sensitive information such as names, birthdays and even credit card information. Without HTTPS encryption, sensitive data could be intercepted by attackers that are spying on Internet traffic.

What is HTTPS Encryption and How Does It Work?

Hypertext Transfer Protocol Secure (HTTPS) is a communication protocol encrypted using Transport Layer Security (TLS). TLS, as well as its predecessor Secure Sockets Layer (SSL), is the standard security technology for establishing an encrypted link between a browser and a web server. It ensures that the transmission of data between the browser and the server (where the website is hosted) remains safe, private and protected.

SSL
Flowchart of HTTPS encryption. Credit: Serverguy.com

Without an SSL certificate, data is transmitted as unencrypted plaintext, making it potentially accessible and readable to attackers that are snooping on network traffic. Any information that you send through the Internet are passed on from one computer to another until it reaches the destination server. Any computer in between you and the web server can see your sensitive information if it is not encrypted. With an SSL certificate in place, that information becomes unreadable to everyone except the destination server.

HTTPS is especially important over insecure networks such as public Wi-Fi access points, as anyone on the same local network can eavesdrop and intercept sensitive data not protected by HTTPS.

So how do you know if a website has HTTPS encryption? Websites with HTTPS encryption start with https:// instead of http://. On Google Chrome, a secure website is shown with a padlock icon next to the URL or web address. Clicking on that icon will show the message, “Connection is secure.” Unsecured websites will show a “Not secure” warning next to the browser address bar.

Philippine Government Websites Without HTTPS Encryption

Mind you, it’s not really imperative that your website should have HTTPS encryption. If your website does not handle user data or information, there’s really no urgent need to install an SSL certificate, although there’s a whole range of benefits in doing so, such as better search engine rankings.

We have not yet come to the point where access to your website will be blocked or limited if it doesn’t have HTTPS encryption, although based on Google’s previous pronouncements, they’re moving towards that direction.

However, if your website handles sensitive and important information, it’s absolutely necessary to have an SSL certificate installed. This protects your users’ private information from the prying eyes of hackers and ensures that transmitted data cannot be corrupted or modified.

Knowing how important this basic security feature is, we visited several Philippine government websites to determine if they have implemented HTTPS encryption. We were surprised by the results.

Out of the 46 government websites we visited, 29 websites don’t have HTTPS encryption (and are insecure), 2 have SSL certificates but are not fully secure, and only 15 have HTTPS encryption and are fully secure.

Some of the biggest offenders include the Department of Education, the Department of Public Works and Highways, the Department of Tourism, the Civil Service Commission, and ironically, the Department of Information and Communication Technology.

Deped website
Insecure website warning for the DepEd website

Here is the list of Philippine government websites that still lack HTTPS encryption:

  • Office of the President
  • Office of the Vice President
  • Senate
  • House of Representatives
  • Supreme Court
  • Sandiganbayan
  • Department of Information and Communication Technology (DICT)
  • Department of Agrarian Reform (DAR)
  • Department of Agriculture
  • Department of Education
  • Department of Environment and Natural Resources (DENR)
  • Department of National Defense
  • Department of Public Works and Highways (DPWH)
  • Department of Science and Technology (DOST)
  • Department of Tourism
  • Metropolitan Manila Development Authority (MMDA)
  • Mindanao Development Authority
  • National Commission on Muslim Filipinos
  • National Economic and Development Authority (NEDA)
  • National Security Council
  • Presidential Management Staff
  • National Telecommunications Commission (NTC)
  • Bureau of Customs
  • Philippine Atmospheric, Geophysical and Astronomical Services Administration (PAGASA)
  • Bangko Sentral ng Pilipinas
  • Civil Service Commission
  • Intellectual Property Office of the Philippines
  • Philippine National Police
  • Housing and Urban Development Coordinating Council (HUDCC)

Websites with HTTPS encryption but are not fully secure are:

  • Department of Interior and Local Government (DILG)
  • Technical Education and Skills Development Authority (TESDA)

We understand that these websites serve mostly as repositories of information for the general public, but there are instances where Internet encryption would be useful. For example, most government websites have web-based contact forms where random users can enter their personal information such as names and email addresses. Without encryption, such information could be exposed to attackers who might use them for fraud, identity theft, and other cybercrimes.

It’s not only contact forms that are vulnerable to attackers. For instance, the Civil Service Commission website has the Online Career Service Examination Result Generation System (OCSERG) and the Online Notice of School Assignment (ONSA). Both online services require users to enter their personal details such as their first names, last names, email addresses, and dates of birth.

CSC ONSA
Civil Service Commission website online service with a “Not secure” warning

The Civil Service Commission website also has an email service for the agency’s officers and employees. Without HTTPS encryption, attackers could theoretically gain access to users’ email accounts by spying on network traffic and stealing usernames and passwords.

CSC webmail
Civil Service Commission webmail service without HTTPS encryption

The Civil Service Commission website is just one example of a government website that handles and processes sensitive information without HTTPS encryption. There are also websites that load over HTTPS but are still not fully secure. This is called “mixed content” because some elements (such as CSS files and images) are fetched via HTTP. One example of a website with mixed content is the DILG website.

DILG website
Insecure website warning for the DILG website

For a website to be fully secure, it must serve all content via HTTPS. If a website has HTTPS encryption but some files are loaded via HTTP, attackers could replace those files with false, malicious codes to steal user data.

How to Implement HTTPS Encryption

The easiest way to implement HTTPS encryption on a website is to install an SSL certificate. Webmasters can get free SSL certificates from Let’s Encrypt; many web hosting providers now offer free SSL certificates that can be installed with just a few clicks. Cloudflare also offers free SSL certificates with no installation required (in fact, Tech Pilipinas uses a free SSL certificate from Cloudflare).

We hope that the relevant government agencies will take online privacy more seriously and implement HTTPS encryption on their websites to protect the information and identity of Internet users. Implementing HTTPS encryption doesn’t require a large financial outlay (some SSL certificates are free), nor does it take significant technical expertise (any web developer can install an SSL certificate).

We also call on the National Privacy Commission to ensure that Philippine government websites comply with current web security and privacy standards starting with basic HTTPS encryption. Privacy is the right of every individual, and websites that fail to live up to web security standards risk endangering the privacy of Internet users, especially at a time when data breaches, hacking incidents and cyber attacks are increasing day by day.

Add as a preferred source on Google

If you enjoyed reading this article, you can help support independent tech journalism by adding Tech Pilipinas as a preferred source.

Don't Miss An Article!
Sign up for our free newsletter and get updated every time we publish a new article. We work very hard to bring you the latest happenings in the Philippine and global tech scene.
We will not share your email address. We really hate spam!
Previous Post

OYO Launches in the Philippines, Invests $50 Million

Next Post

How to Enable Facebook Messenger Dark Mode

Luis Reginaldo Medilo

Luis Reginaldo Medilo

Luis Reginaldo Medilo is the founder and editor-in-chief of Tech Pilipinas. He has over 25 years of hands-on experience with computers and the Internet, and has been writing about Philippine technology for over a decade, covering fintech, telecoms, government digital services, and consumer gadgets.

You May Also Like

Government

How to Apply for the Pag-IBIG SAFE Loan Online (2026 Step-by-Step Guide)

June 23, 2026
Government

How to Bid on Foreclosed Properties via the Pag-IBIG Acquired Assets Online Public Auction (2026 Updated Guide)

June 16, 2026
Government

How to Apply for the Civil Service Exam Online via CSC eServe (2026 Step-by-Step Guide)

June 15, 2026
Government

How to Apply for the Civil Service Exam Online via OCSEAS (2026 Step-by-Step Guide)

June 10, 2026

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Articles

DILG urges Congress to study ban on violent video games

June 27, 2026

Swedfund commits $15 million to mid-sized companies in the Philippines

June 27, 2026

DOT launches “Discover More to Love” travel deals portal

June 27, 2026

BSP orders banks to drop SMS OTPs for high-risk transactions

June 26, 2026

Viber adds free ChatGPT tools for Philippine users

June 25, 2026

Featured Articles

passport appointment

How to Schedule a DFA Passport Appointment Online (2025 Updated Guide)

December 15, 2025

How to Apply for a UMID ID Card or SSS ID Online (2026 Updated Guide)

January 20, 2026

How to Apply for the DOST Scholarship Program (2025 Updated Guide)

December 15, 2025

How to Get a Pag-IBIG Loyalty Card Plus (2026 Updated Guide)

June 22, 2026

How to Get a PhilHealth ID Card (2025 Updated Guide)

December 15, 2025
Facebook Twitter Instagram Threads Youtube Pinterest

About Us

Tech Pilipinas is the Philippines’ digital lifestyle and technology magazine, helping millions of Filipinos keep up with the challenges of the fast-paced, ever-changing world of technology.

Office Address: General Maxilom Avenue, Cebu City, Cebu, Philippines
Email: [email protected]
Phone: +639055450299

Get it on Google Play

Browse by Category

  • AI
  • Apps
  • Business
  • Computers
  • Deals
  • E-commerce
  • Entertainment
  • Fintech
  • Gadgets
  • Gaming
  • Government
  • Internet
  • Mobile
  • News
  • Reviews
  • Security
  • Social Media
  • Software
  • Technology
  • Telecoms
  • Tutorials
  • Uncategorized
  • ZIP Codes

Popular Tags

BIR BPI Facebook GCash Globe HDMF Messenger mobile wallet online banking online payments online shopping Pag-IBIG PayMaya PLDT Republika ng TM Smart Social Security System SSS Talk N' Text WiFi

Copyright © 2017-2026, Tech Pilipinas and Luis Reginaldo Medilo. All Rights Reserved.
Tech Pilipinas ® is a registered trademark with the Intellectual Property Office of the Philippines with Registration No. 4/2023/00502052.
No part of this site may be copied, reproduced, modified or distributed without the prior written consent of Tech Pilipinas.
Contact Us | Copyright Notice | Disclosure Policy | Disclaimer | Privacy Policy | Editorial Policy | Corrections Policy | Code of Ethics

  • Home
  • Categories
    • Apps
    • Business
    • Computers
    • Deals
    • E-commerce
    • Fintech
    • Gadgets
    • Gaming
    • Government
    • Internet
    • Mobile
    • News
    • Reviews
    • Security
    • Social Media
    • Software
    • Telecoms
    • Tutorials
    • Entertainment
  • About Us
  • Archives
  • Advertise
  • Contact Us
  • Smartphone Prices