What is SSL and do I need it for my site?

By August 20, 2015Technology, Website design
ssl_security

Security should always be a high concern for your website, but do you need an SSL certificate? Many people wonder if the information that they’re sending through the web is actually secure and with the increasing amount of online data transferred and purchases made, it Is wise to understand some of the things to look for both as a consumer and as a business.

  • What is SSL?
  • How will people my site has an SSL certificate?
  • Does an SSL protect my site?
  • Is there a downside?
  • Is it necessary?
  • Does having a SSL influence SEO?
  • What should I do?
  • In conclusion…

What is SSL?

SSL (Secure Sockets Layer) is a technology to scramble communications between the user and the web server. It creates an encrypted connection between your web server and your visitors’ web browser allowing for private information to be transmitted without the risk of eavesdropping, data tampering or message forgery. The encryption process scrambles the data into an undecipherable format that can only be returned to a readable format with the proper decryption key. If you are collecting sensitive private data over the internet, SSL is an important additional security layer.

How will people know my site has an SSL certificate?

Whenever you are visiting a web page with SSL protection, you will see a padlock icon that assures you that the page is secure. The padlock is usually located in the bottom right of your screen or next to the website address. Some browsers also have a green highlighted section in the address bar but on every browser it means a change in the domain name from HTTP to HTTPS.

Does an SSL protect my site?

It is important to keep in mind that SSL does very little to prevent a website from being hacked.  It only prevents 3rd parties from listening to communications between the user and the website.

Is there a downside?

Cost is an obvious disadvantage. It is just another thing to add to your ever-growing list of business expenses. However, it doesn’t need to be expensive. GoDaddy offer a number of options including an auto renewing option. They support 256-bit encryption and they are recognised by all the major desktop and mobile browsers. Plus, they are backed by great 24/7 phone support and service.

Performance is another disadvantage to SSL. A site with SSL is slower because every single byte of information needs to be encrypted and decrypted by both the user and the web server, and this takes significantly more effort than simply transmitting.  SSL not only encrypts information typed into forms by users, but also the text of web pages, style sheets, scripts, images and videos.  Most of this does not need to be encrypted, but it gets encrypted anyway. However, the performance difference is only noticeable for web sites with very large numbers of visitors.

Is it necessary?

If you have any sort of log-in form where customers enter a username and password, then an SSL certificate is highly suggested. Hackers can easily see the username and password in clear text. Many people still don’t understand the importance of strong passwords and often use the same username and passwords for all their accounts including their bank. This means hackers could gain access to multiple accounts.

Any information sent on the Internet is passed from computer to computer to get to the destination server. When an SSL certificate is used, credit card numbers, usernames and passwords and other sensitive information becomes unreadable to everyone except for the server you are sending the information to. This protects it from hackers and identity thieves.

If you’re taking credit card payments directly on your website, you definitely need SSL in place to encrypt this information. If you run a membership site and are collecting emails, names and passwords, SSL would be a good idea.

Does having a SSL influence SEO?

As of August 2014, Google have added that an HTTPS is a signal for the search engine’s algorithm meaning that HTTPS sites will rise higher in page rankings that with with no SSL.

What should I do?

Purchasing and installing an SSL is not complicated or expensive. To enable SSL on a website, you will need to get an SSL Certificate that identifies you and install it on the server. Most are valid for a year and will need to be renewed in the same way as your domain name registration and hosting.

Make sure your SSL certificate is always up to date. Check the expiration date by clicking the padlock symbol and then “View Certificate”. Make sure to test your site in a number of browsers including Firefox, Google Chrome and Internet Explorer.

In conclusion…

As more and more of our everyday lives becomes intertwined with the web, we need to continue to develop our understanding of it, but more importantly, our understanding of how to use it securely. Implementing SSL is just one of many steps that need to be taken to ensure a website is secure and one more sign that your customers can see you are looking after them.

 

About Caroline

Caroline is a specialist in business creation, growth and change management. Her aim is to empower start-ups and small businesses to drive growth through the development of business ideas, product and service development, strategy and system planning as well as business branding and promotion.

One Comment

  • Ilya says:

    Caroline, thank you for this article – it really usefull and easy to understand even for non-technical person (like me:)). I think it’s also important to note that the SSL certificate will significantly enhance the trust level of website’s visitors. It directly affects the sales on your website. When customer chooses an online store where he can make a purchase, he will definitely buy from website, where his credit card’s data is secure. Thus, SSL certificate is a kind of competitive advantage.

    When searching for SSL cert for myself I noticed that SSL providers, which have SSL certs as a main product, provide better prices than Certificate Authorities, and even hosting providers (like GoDaddy). For example, popular RapidSSL:
    direct from http://www.rapidssl.com – from $40.66/yr.
    http://www.crucial.com.au – from $99/yr.
    http://www.timetossl.com – from $13.13/yr.

Leave a Reply