Understanding SSL and Its Importance in 2019

An introduction to SSL and why your website should use this important security feature

Website security has become a hot topic for businesses and consumers alike in recent years. High profile breaches and sensitive information data losses have caused PR nightmares for big names like Equifax, and the damage to their trustworthiness in the eyes of the general public will take years to repair, if ever. It goes without saying that avoiding these types of breaches and security issues is incredibly important if you have a website, especially one that collects customer data, processes online transactions, accepts payments, and shares private messages.

SSL, short for Secure Sockets Layer, is the standard for website security today. Most people interact with websites using an SSL connection on a daily basis and don’t even know it. The simple, tried, tested, and true solution is easy for website owners to implement, and doesn’t change or alter the end user experience.

Of course, while SSL may be simple to use, the technology behind it is anything but. It’s important for you to understand the features, benefits, and potential drawbacks of implementing SSL on your web server before you proceed with the process. This article will help you gain a basic understanding of SSL, as well as why you need to it include it as part of your website’s security technology, and how to move forward with implementation.

What is SSL?

Chances are, if you have done any browsing online today, you have used a website with SSL and you may not even have realized it. The simplest way to tell if a website is using SSL is to look at the address bar. Every website address begins with either “http://” or “https://” and, as you may have been able to guess, that little “s” indicates that the website is using SSL. There is no need for someone visiting the website to do anything to initiate SSL – it just happens.

But what does that little “s” in the address bar actually mean?

Simply put, it means that the data that you are submitting and sharing with the website you are visiting is encrypted and secure. That’s a very important distinction, especially if you are sharing sensitive information like you would on your bank’s website or while purchasing an item through an online store.

When data is encrypted through an SSL protocol, it means that only you and the website owner can read the information. Hackers that are monitoring open wi-fi networks, for example, will not be able to see if you’re submitting a password, credit card number, or private message. In other words, that little “s” near the beginning of a website’s address is a big deal if you’re at all concerned about your privacy online. If you’re operating your own website or multiple domains, people will feel more confident when it comes to sharing information with you if you use SSL. If you don’t use SSL, people may look elsewhere since they won’t feel as though their visit is a secure session.  

2 other ways you can tell if a website is secure are if there’s a green address bar and/or a padlock icon.  And newer versions of popular web browsers like Google Chrome now tell people when a domain name isn’t secure. In fact, a warning message pops up that specifically states that the site they are about to visit is not secure. In order to proceed, people must confirm that they understand they are visiting an unsecure website and wish to proceed anyway. Even if someone has no idea what SSL is and what it does, that warning message can be enough to scare them away and potentially prevent them from ever returning. For you as a website owner, that means lost clicks, lost revenue, and potentially even a damaged reputation.

There are three different types of SSL certificates that you can get depending on your needs and the size of your business. Domain Validation is the first, and most common, type for small businesses. Essentially, this type of certificate just verifies that the website owner is the actual owner on record according to WHOIS information. The simplicity of this certificate may not be enough for high-volume websites but could be the perfect solution for blogs or smaller e-commerce stores. It’s also very easy to obtain this type of certificate, and may even be included in your web hosting plan.

Organization Validated SSL is the second type of certificate available. This certificate goes beyond a basic check of searching WHOIS databases and extends to government databases. What this ultimately does is provide greater assurances to customers and visitors that you are, in fact, the owner of the website and that has been verified with available records. People visiting your website will also be able to hover over the Trust logo site seal and see more information about your organization that they can verify with the information they already have. For security-conscious visitors, this may be the level of SSL required if they plan to do business with you.

Finally, there is EV SSL. This certificate takes longer to obtain and costs more money but offers visitors a very clear indication that the website is safe and secure. The green address bar is the main indicator that a site is using EV SSL and this is typically what you would find on the website of a major corporation or government agency. Verification is done to ensure the business exists physically, and documentation about the business must be provided. For most small to medium sized businesses, this might be an unnecessary level of security and cost but it is good to be aware of all SSL options available.

Why is SSL needed on your website?

Now that you understand what SSL does, it’s important to understand why it’s needed. At its most basic level, SSL is necessary to prevent hackers from monitoring the information your visitors send you, as well as the information you send back to your website’s visitors. Without SSL, customer credit card information could be stolen, passwords could be compromised, and personal information could be leaked.

While this would not directly be your fault, who do you think the average user will blame if their credit card is compromised after shopping on your website?

SSL is about more than just security for website owners, though. While its basic function is to encrypt data and provide that confidence to people visiting the website, it can also have a huge impact on your search engine results. Since search engines like Google have identified SSL as an important feature for websites to have, they put a significant emphasis on promoting websites with SSL in their search results. After all, Google wants to be a trusted search engine much like you want to have a trusted website.

The algorithms that search engines use are based on proprietary information that is not available to the public. We do know, however, that websites using SSL are more likely to appear near the top of Google’s search results. This means that by simply introducing a basic security feature, you could also improve your search engine rankings. And the importance of ranking highly on search engines can’t be understated. In fact, as many as 92% of search engine usersclick on results they see on the first page.

This is especially important if you’re trying to build a popular website that ranks highly on Google. Many website owners put a tremendous amount of effort into using the right keywords, building effective content, and designing eye-catching modern websites in hopes of organically ranking in one of the coveted top 3 spots on Google. Unfortunately, all of that hard work, time, and money will be a complete waste if your website security is not up to Google’s standards. In this context, that means integrating SSL into your website.

Is SSL available for phones as well?

One of the most common questions about SSL is how it integrates with mobile devices. After all, about half of all web traffic comes from mobile devices. If your website doesn’t consider these potential visitors, then you could potentially alienate an awful lot of people.

The good news is that SSL certificate sare valid for both desktop and mobile devices. By integrating SSL into your website, you are ensuring that both desktop and mobile users enjoy an industry standard of Internet security while browsing.

Some web hosting providers have had challenges in the past with SSL certificates not working properly on mobile devices. In situations like this, visitors see a message that says the website is not secure. Thankfully, this can usually be fixed quickly simply by contacting your hosting provider. Most reputable providers have already stepped up to address this challenge so that it’s not longer an issue.  If you want to be sure that your SSL certificate is working on mobile, you can quickly and easily perform an SSL check using any number of free services available online.

How to get an SSL certificate

There are several ways to get an SSL certificate based on your unique needs. One of the easiest ways to do this is to ensure that your web hosting provider includes SSL as a feature. This is one of the most common ways for small businesses and e-commerce stores to acquire and activate an SSL certificate. If your web host does not provide SSL certificates as part of your baseline hosting package or as an add-on, you can easily purchase one through an outside 3rd party.  Cloudflare and DigiCert are two of the most popular and reliable digital certificate providers.

If you are considering a third-party SSL certificate provider then you may want to do some research to see the various price levels available, the reviews for the companies in the market, the level of support offered including managed or self-installation, supported browsers including mobile browsers, whether a site seal is offered to display to visitors, and more.

There are free SSL certificates available and these may meet your needs but there are some notable downsides to choosing a free option over a paid service. For example, free certificates usually only offer Domain Validated SSL rather than the higher tier options. In addition, these free certificates will have to manually be installed and implemented which may require more technical know-how than some website owners have. Plus, support tends to be lacking as the free SSL certificate providers leave much of the work up to the user.

If you’re looking for an Organization Validated SSL certificate or an EV SSL certificate then you will likely have to opt for a paid service and, in that case, you should consider all other included features like support, and the level of security provided if you are planning on putting down your hard-earned money. If you need to cover more than just one domain name, that should also be a consideration as you compare the various options on the market as some certificates may only be valid for a single domain and a multi-domain certificate may be more costly up-front but end up saving money in the long run.

How to integrate SSL into your website

Now that you understand the importance of SSL, you need to actually integrate it into your website.  The good news is that the process is simple and, in many cases, you may not have to do much at all.

First, you’ll need to have a dedicated IP address for hosting your website. This is usually a nominal extra cost on top of your basic website hosting plan, and higher tier plans often include this as a standard feature. If you are unsure, reach out to your webhost’s customer service department to clarify if this feature is included in the plan you already have, or are thinking about purchasing.

Next, you’ll need to purchase an SSL certificate, and depending on the certificate type, submit all the required information to the Certificate Authority. Be sure to reference all of the guidelines outlined above as you’re evaluating your options. 

Once the certificate is purchased, you’ll need to activate it. Typically, if you have purchased an SSL certificate through your hosting provider, then the activation process will automatically be done for you. You’ll want to check with customer service to confirm this, however.  If this isn’t a standard service that’s offered, you can usually activate your certificate through the advanced security settings tab in the administration panel of your hosting provider.

Installing the certificate is the final step. If your hosting provider did go ahead and automatically activate your certificate, then this step is likely already completed for you as well. If not, the installation can be done through the administration panel for your website as well. It’s important to note that this step cannot be completed until the certificate has been activated.

While that may seem like a lot of work, the reality is that many hosting providers do a lot of the legwork for you when you purchase a hosting plan from them. In fact, in most cases, all you will have to do is ensure that SSL is a part of the plan you are purchasing, and then sit back and enjoy improved website security.

WordPress plugins for SSL

If you are like the millions of website owners that use WordPress, you may be wondering if there are any helpful plugins that can make enabling and integrating SSL into your website quick and easy. And the good news is that there are several plugins you can use that’ll make your WordPress website more secure.

Really Simple SSL is a plugin that eliminates the most common challenges associated with SSL implementation. With just one click, you can enable SSL on your website and and take advantage of basic settings that make it easy to manage the certificate itself, as well as your sites security. A Pro version of the plugin is also available, which provides additional features and options for advanced users that need more control over their website security.

Easy HTTPS Redirection is another WordPress plugin that simplifies the process of SSL integration and configuration. Since many of your website’s pages may not need SSL, this plugin allows you to pick and choose the pages that do, and quickly enable SSL on them as needed. Examples of pages where you would want SSL protection would include login pages, webstore checkout pages, and contact pages.

WP Force SSL also makes adding SSL a breeze. With a few clicks, you can have your website’s pages redirect to a secure connection. It’s important to note, however, that this plugin does lack many advanced options, and may not be the ideal choice if you’re looking for a lot of control, as well as customizability options.

SSL Insecure Content Fixer doesn’t actually provide an SSL, but makes important fixes and quality of life improvements to ensure that the experience users have on your website is not negatively affected by SSL encryption. It’s a great addition to your arsenal since it works seamlessly in tandem with other SSL plugins.

Better security, better search results, better customer experiences

SSL is an essential tool for website owners. The experience provided to your visitors is directly affected by whether or not you have enabled SSL. Plus, with search engines placing a greater emphasis on SSL, the success of your online marketing efforts may be directly linked to whether or not you have SSL.

As security concerns become more top of mind for the average Internet user, basic features like SSL implementation are quickly becoming the industry norm. Your client experience and your reputation as a business will soon be dependent on addressing security concerns and providing a secure, encrypted browsing experience from start to finish.

Alex Grant
 

Leave a Reply