Why your Website Needs an SSL Certificate
In previous years an SSL Certificate was only required for e-commerce websites. In 2017 it is now an essential requirement for every site. Don’t know the difference between packet-sniffing and phishing exploits? Never fear! In this post, we will explore what exactly SSL is, benefits for your website and how you can get one.
Table of contents
- What is SSL?
- Why SSL is important
- How can I tell if a site is using SSL?
- How to get an SSL Certificate
What is SSL?
If you are a website owner or manager you have undoubtedly heard the term SSL thrown around over the past few years. If you have found nodding approvingly while secretly wondering if it’s a new model Mercedez-Benz model, you’re not alone. SSL is short for Secure Socket Layers. The confuse matters further, SSL is actually the predecessor to what is now known as TLS or Transport Layer Security, but everyone still calls it SSL. For the sake of our sanity, we’ll keep calling it SSL too.
So now that we can impress everyone by explaining what SSL stands for, let’s find out what it actually does.
If your website includes a method of gathering information from a user, then that data can potentially be intercepted without proper security. An SSL Certificate will establish an encrypted link between a users web browser and a web server so that data is unreadable anyone watching. This is the reason that all payment gateways require SSL to be active when processing payments directly on your website.
Why SSL is Important
Aside from the security of data that SSL provides, it can also improve other factors related to your website performance.
Back in 2014, Google announced that they would begin to use SSL as a ranking signal. What this means is that sites that run over the https protocol will be given a higher page rank than sites running on standard http.
Then in 2016, Google announced that it would be updating their Google Chrome browser to clearly indicate sites that do not have an SSL Certificate in place.
Site Performance via HTTP/2 Support
In the past, encrypting data at both ends of the transfer would slow a website down, but these days SSL will actually improve your site performance if you have a good hosting provider. Almost all recent versions of web browsers support the new http/2 protocol. This protocol is an updated version of the http protocol, which has been the backbone of the internet since it’s inception. One of the major benefits of http/2 is that it supports something called multiplexing. This allows browsers to download multiple resources concurrently, rather than the standard method of waiting for a file to download before starting the next one.
While the official documentation does not state that SSL is a requirement for http/2 it is only supported at present by all browsers if the site has an SSL in place. So.. no SSL Cert, no multiplexing!
Having an SSL Certificate associated with your domain is a way of proving ownership over that domain name. There are many fraudsters out there who can accurately replicate your website and pose as a legitimate business in order to gather sensitive data. When an SSL Certificate is set up, the server hosting your website will also have a server certificate in place. This allows your SSL Cert and the server to ensure that data input through the browser cannot be intercepted and prevent phishing attacks.
How can I Tell if a Site is using SSL
Most browsers will make it clear that a website is using SSL by displaying a padlock symbol near the website address bar. If you are unsure whether a web page is using SSL, you can be sure by checking that the website URL begins with https://.
How to get an SSL Certificate
There are hundreds of companies that provide SSL Certificates as a paid service and a few newer ones that offer them for free. Here are two that I have had a positive experience with in recent times.
These are the guys who are leading the charge for a more secure internet. Let’s Encrypt offer free SSL/TLS for everyone and are quickly becoming industry leaders in this space.
Trustwave is a cyber security company who offer a multitude of security solutions for online and offline requirements. They offer extended validation certificates, which provide that bit of extra authority by including your company name as part of the certificate. Some browsers will display this in the address bar along with the padlock symbol.
If your site is running on WordPress and you want an SSL Cert as standard, then you should consider one of our Website Care Plans. As part of all of our plans we provide an SSL Certificate as standard. We’ll migrate your site over to our WordPress-optimised environment and have your site fully secure and performing at it’s best.