Large websites handling sensitive data like eCommerce websites, social media websites and financial institutions have been using SSL certificates for years. SSL certificates provide a way to protect sensitive data travelling between you and a website via the internet. Recently, it has been more common for smaller websites to use SSL. Just last month, WordPress announced it would start rolling out SSL certificates for every website hosted under WordPress.com. So, with SSL becoming more mainstream for small-medium sized websites we thought we should explore what exactly a SSL certificate does and answer whether you should implement one for your website?
What is SSL?
When information is sent from your device to a website which doesn’t use SSL, it is basically transmitted as you would have entered it, in plain text form. This information usually bounces through several different servers before being received by the website. If the information you’re sending is sensitive, this is a huge risk as it can easily be intercepted, read and used maliciously.
Websites which do use SSL encrypt the information as you submit it, which means the information being sent through the internet is scrambled and near impossible for anybody except the intended destination to decipher.
How do I know if a website is using SSL?
As a website visitor, If you are sharing any sensitive information such as your name, contact details, credit card information or anything you wouldn’t want made public; it’s important to check the website you’re giving the information to does use SSL. You will notice which websites are using it by checking out whether the URL in your address bar starts with:
A website not using SSL (HTTP) appears like this:
A website using SSL (HTTPS) appears like this:
Should you get a SSL certificate for your website?
Your site should definitely have SSL implemented if you collect any sensitive information such as:
- Personal information (name, address, contact details)
- Financial information (credit card details)
- Has a login area which asks for username / password
Having a SSL certificate protects your information and most importantly your customers. If your website doesn’t handle sensitive information, SSL isn’t really necessary; however you may want to consider implementing it if you want to give your search ranking a small boost. Google has been proven to favour websites using SSL.
Historically SSL certificates have been costly to purchase and sometimes complex for the average website owner to install & maintain. Thankfully, this has changed which is making it more feasible for smaller websites and hosting providers like WordPress.org to roll out SSL certificates more easily and cost effectively. This is all thanks to the Let’s Encrypt project, which is a open source project allowing anybody with a website to procure a SSL certificate for free. It also makes the process of installing and updating it more automated. All you need to do is install the Let’s Encrypt client on your website environment. The Let’s Encrypt client will take care of procuring the SSL certificate, installing it and renewing it for you automatically as necessary.
SSL – Why Not?
If you asked me a year ago whether your website needs SSL, I’d say if you’re an average corporate website or a blog probably not unless you are collecting sensitive information. Today, SSL certificates are free and easy to setup and maintain. It gives you easy kudos with Google and if you do ever collect information from your customers it’s there to protect them. There isn’t really any reason not to get one so to your average website owner, I’d say – go for it.
You can find detailed information and instructions on how to implement SSL certificates over at Let’s Encrypt. Like WordPress managed websites are doing, we will be implementing SSL certificates as standard for all of the websites we manage. Feel free to get in touch with us if you need any assistance implementing SSL for your website.