Security should always be a high concern for your website, but do you need an SSL certificate? Many people wonder if the information that they’re sending through the web is actually secure and with the increasing amount of online data transferred and purchases made, it Is wise to understand some of the things to look for both as a consumer and as a business.
- What is SSL?
- How will people my site has an SSL certificate?
- Does an SSL protect my site?
- Is there a downside?
- Is it necessary?
- Does having a SSL influence SEO?
- What should I do?
- In conclusion…
What is SSL?
SSL (Secure Sockets Layer) is a technology to scramble communications between the user and the web server. It creates an encrypted connection between your web server and your visitors’ web browser allowing for private information to be transmitted without the risk of eavesdropping, data tampering or message forgery. The encryption process scrambles the data into an undecipherable format that can only be returned to a readable format with the proper decryption key. If you are collecting sensitive private data over the internet, SSL is an important additional security layer.
How will people know my site has an SSL certificate?
Whenever you are visiting a web page with SSL protection, you will see a padlock icon that assures you that the page is secure. The padlock is usually located in the bottom right of your screen or next to the website address. Some browsers also have a green highlighted section in the address bar but on every browser it means a change in the domain name from HTTP to HTTPS.
Does an SSL protect my site?
It is important to keep in mind that SSL does very little to prevent a website from being hacked. It only prevents 3rd parties from listening to communications between the user and the website.
Is there a downside?
Cost is an obvious disadvantage. It is just another thing to add to your ever-growing list of business expenses. However, it doesn’t need to be expensive. GoDaddy offer a number of options including an auto renewing option. They support 256-bit encryption and they are recognised by all the major desktop and mobile browsers. Plus, they are backed by great 24/7 phone support and service.
Performance is another disadvantage to SSL. A site with SSL is slower because every single byte of information needs to be encrypted and decrypted by both the user and the web server, and this takes significantly more effort than simply transmitting. SSL not only encrypts information typed into forms by users, but also the text of web pages, style sheets, scripts, images and videos. Most of this does not need to be encrypted, but it gets encrypted anyway. However, the performance difference is only noticeable for web sites with very large numbers of visitors.
Is it necessary?
If you have any sort of log-in form where customers enter a username and password, then an SSL certificate is highly suggested. Hackers can easily see the username and password in clear text. Many people still don’t understand the importance of strong passwords and often use the same username and passwords for all their accounts including their bank. This means hackers could gain access to multiple accounts.
Any information sent on the Internet is passed from computer to computer to get to the destination server. When an SSL certificate is used, credit card numbers, usernames and passwords and other sensitive information becomes unreadable to everyone except for the server you are sending the information to. This protects it from hackers and identity thieves.
If you’re taking credit card payments directly on your website, you definitely need SSL in place to encrypt this information. If you run a membership site and are collecting emails, names and passwords, SSL would be a good idea.
Does having a SSL influence SEO?
As of August 2014, Google have added that an HTTPS is a signal for the search engine’s algorithm meaning that HTTPS sites will rise higher in page rankings that with with no SSL.
What should I do?
Purchasing and installing an SSL is not complicated or expensive. To enable SSL on a website, you will need to get an SSL Certificate that identifies you and install it on the server. Most are valid for a year and will need to be renewed in the same way as your domain name registration and hosting.
Make sure your SSL certificate is always up to date. Check the expiration date by clicking the padlock symbol and then “View Certificate”. Make sure to test your site in a number of browsers including Firefox, Google Chrome and Internet Explorer.
As more and more of our everyday lives becomes intertwined with the web, we need to continue to develop our understanding of it, but more importantly, our understanding of how to use it securely. Implementing SSL is just one of many steps that need to be taken to ensure a website is secure and one more sign that your customers can see you are looking after them.