A thief walks into a bar.
Sitting at the counter are two rich men—one drinking water with two vigilant bodyguards, and one that’s drunk out of his mind with loose pockets, a full wallet, and an attention span fixed on the cute bartender.
Who’s the thief going to rob?
If you guessed the drunk dude, you’d be right.
What if I told you having an unsecured website is exactly like being that drunk guy with loose pockets at the bar? You’re practically inviting hackers to steal your customers’ information.
Purchasing an SSL certificate to make your website secure is like hiring bodyguards to protect you from those thieves and hackers. Below we’ll dive into what exactly an SSL certificate is, how to get one, and if it’s really worth it (hint: the answer is yes.)
What Is an SSL Certificate?
Remember our thief? An SSL (Secure Sockets Layer) certificate is what stands between customers’ personal data on a website and hackers. It’s a set of data files that you can add to your server to achieve an encrypted connection between a browser and your server. When installed, a green padlock will be displayed when users visit your site to indicate that the site is secure.
Now, you may have heard the terms “SSL” or “SSL certificate” used interchangeably with HTTPS (Hypertext Transport Protocol Security).
For most intents and purposes, these are the same. An SSL certificate is the product that you are actually purchasing and installing on your server, and HTTPS is the result of having that certificate on your server.
What Does It Mean When a Site Is HTTPS?
HTTPS, or secure, sites include the SSL 2048-bit key and can protect a site connection through authentication and encryption. When installed on a web server, an SSL certificate activates the padlock and the HTTPS protocol and allows secure connections from a web server to a browser.
Secure websites can protect a user’s connection by securing information in three layers:
- Encryption ensures that a user’s activity cannot be tracked or their information stolen
- Data integrity prevents files from being corrupted as they’re transferred
- And authentication protects against attacks and builds user trust
In regular-people-terms, HTTPS is a way to encrypt information that you send between a browser and a web server. This protects your website’s users from “man-in-the-middle” attacks, where someone steals the information being sent to a website, like credit card information or logins.
Imagine an interception in football. Your SSL certificate prevents someone from intercepting the ball so the receiver can make the catch and take it to the end zone.
How Does an SSL Certificate Work?
When a browser attempts to access a website that has an SSL certificate properly enabled, the browser asks the site to identify itself—similar to a bouncer at a super-fancy club.
At that point, the website will send over a copy of its SSL certificate and the website’s public key to start a process called an “SSL handshake.” The browser will then check that the certificate is from a trusted Certificate Authority (CA), unexpired, unrevoked, and is valid for the website it is connecting to.
If it passes all of those tests, the browser will create, encrypt, and send back a symmetric session key using the website’s public key. Then the website will decrypt the session key and send an acknowledgment to start the encrypted session. Finally, the website and browser can encrypt all transmitted data with the session key.
Got all that?
Who Needs an SSL Certificate?
Personally, I think everyone should invest in having a secure site, because I think every business owner should care about their customers’ personal information being stolen. (Not to mention the SEO benefits a secure site has over an unsecured site).
A more measured approach would be that the level of consumer information on your site should correlate to the level of security you have. While securing a site can provide benefits to all businesses, it is more important for some businesses than others. If users provide you with sensitive information like their credit card number, as they do on e-commerce sites, SSL certificates are practically non-negotiable. If users of your site have to log in with a username and password, you are also in need of a secure site.
That being said, over 40% of the sites on the first page of Google are HTTPS, which is not a surprise, since Google has confirmed that they favor HTTPS sites. So if you care about your rankings, leads, and sales, getting an SSL certificate would be a wise decision.
Why Should You Install an SSL Certificate?
Adding an SSL certificate to your website protects your users’ basic information and gains their trust. Among others, some of the main benefits include:
- It prevents hacking and interference by third parties
- It makes your site more secure for customers
- It encrypts every single form of communication, including URLs, which protects consumer information like credit card numbers, browsing history, and demographic details
- It also has incredible SEO benefits. Get this—in 2016, before Google really pushed for secure websites, HTTPS sites made up 40 percent of the first page of Google search results. According to Search Engine Land, Google said that the HTTPS signal showed “positive results” in terms of relevancy and ranking in Google’s search results. Basically, if all other elements are equal on two websites, the one that is secure will rank better than one that isn’t.
Where Do You Check If You Have an SSL Certificate?
Chrome is going to start making it really obvious when a website isn’t secure. Right now, the URL bars of HTTP sites look like this:
But eventually, Chrome is going to label all HTTP pages as non-secure (this is already rolling out) and change the HTTP security indicator to the red triangle used for broken HTTPS.
Do you REALLY think someone is going to choose your website over a competitor’s if yours has a huge red X on its forehead? Probably not.
Where Do You Buy an SSL Certificate?
You buy an SSL certificate through your hosting provider. For example, if your website is hosted on GoDaddy, you’d buy your certificate through them. Same for WordPress. There are occasions (Blue Corona is one of them) where you’ll need a more secure SSL certificate—health, banking, and personal information websites should look into this—and you’ll have to use a third party.
Which SSL Certificate Is Right for You?
How do you choose your SSL certificate? It’s based on the amount of security you need on your site. If your site is purely content and has no contact forms or any areas for consumers to enter their information, you can have a lower amount of security. Finance, health, and other sites that require sensitive information should always go for a higher level of security.
When Do SSL Certificates Expire?
Typically, you need to renew your SSL certificate yearly after you first purchase it. The setup is the main process, so that will be the majority of your cost.
Are HTTPS Sites Safe?
Hosting is the most important part of website security. Think of site security like someone breaking into your house. Secure hosting is like the security measures that prevent someone from entering your home—locked doors, window bars, etc. WordPress level security is like protecting the valuables (putting them in a safe) within your home once someone is already in your house. Both are necessary, but it’s more important to prevent someone from entering in the first place.
Are SSL Certificates Worth It?
ABSOLUTELY. You hear about data breaches all the time. Having an SSL certificate helps prevent hackers from stealing your clients’ and customers’ information, so if you want to protect your customers….
How Is HTTPS Implemented?
The steps for making your site secure are as follows:
- Obtain a unique SSL certificate
- Coordinate SSL certification with the domain order
- Activate the SSL certificate on the server
- Update internal scripts, links, and URLs on the existing pages to use HTTPS
- Check pages for full security designation in the browser bar
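The last two steps can be checked mechanically: a page served over HTTPS loses its full padlock if it still embeds anything over plain HTTP. The scanner below is an added example, not part of the original article; it lists such references in a page's HTML, and the host name and sample page are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs the browser fetches, or submits to, as part of the page.
EMBEDDED = {("script", "src"), ("img", "src"), ("iframe", "src"), ("link", "href"),
            ("audio", "src"), ("video", "src"), ("source", "src"), ("form", "action")}

class InsecureRefFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in ("src", "href", "action") or not value:
                continue
            url = urlsplit(value.strip())
            if url.scheme.lower() != "http":
                continue  # https, relative and protocol-relative URLs are fine
            if (tag, name) in EMBEDDED:
                kind = "embedded"        # breaks the padlock on an HTTPS page
            elif (url.hostname or "") == self.site_host:
                kind = "internal-link"   # still points at the old HTTP site
            else:
                continue                 # hyperlink to someone else's HTTP site
            self.findings.append((self.getpos()[0], kind, tag, value.strip()))

def find_insecure_refs(html, site_host):
    """Return (line, kind, tag, url) for every reference that still uses http://."""
    finder = InsecureRefFinder(site_host)
    finder.feed(html)
    return finder.findings

# Constructed sample page for a site hosted at www.example.com.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://www.example.com/style.css">
<script src="https://www.example.com/app.js"></script>
</head><body>
<img src="http://cdn.example.net/logo.png">
<a href="http://www.example.com/contact">Contact</a>
<a href="http://other.example.org/">Partner</a>
<form action="http://www.example.com/subscribe" method="post"></form>
</body></html>"""
```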
Why Are SSL Certificates Important?
Let’s recap, shall we?
- People are more worried than ever about having their personal information hacked on the web. This means your website will be more reputable and trustworthy if your site is secure.
- Secure websites show up higher in search results. The overwhelming majority of clicks happen on the first search engine page, so if your unsecured site is being bumped down by secure sites, your bottom line is going to feel it.
- Hackers are getting smarter by the hour. Even if you don’t think your site is worth hacking, people will hack it. We’ve had an industrial niche website hacked, and all they had as far as customer information was names from contact forms. Point is, it’s not always banking and credit sites that get hacked, and you have a responsibility to protect your customers.