What is an SSL?
If you only read one line of this entire article, let it be this: You need an SSL for your website. Now that that’s out, what is an SSL?
SSL is short for Secure Sockets Layer. That was easy enough, but what does it do? That’s a little more complicated. Let’s talk about website security for a moment.
Every time you visit a website online, data is being transferred between you and the website’s server. What’s a server? It’s a piece of computer hardware that stores digital information.
For any website to be displayed on your browser, this exchange of information must take place. Your information that’s transferred to the server as soon as you click on a website is simple. It tells the server which browser you’re using, how large the screen is with which you’re viewing the website, and whether you’re browsing with a mobile device or not.
Once the server knows those pieces of information, it then gathers the information required into a data packet (more technically known as an IP packet) and sends it over. That information tells your browser how and what to display. It conveys the information that allows you to also interact with the website by doing things such as scrolling and clicking a link. As you interact with the website, information is transmitted back to the server so it can send the correct information back through your connection.
This process happens in milliseconds for every new action you take while interacting on the website.
Packets are like vehicles.
Think of each packet of information that goes back and forth as a delivery van traveling from your loading dock to a website’s loading dock. It’s cruising down an information superhighway with other delivery vans with every transfer. It’s GPS is set to take the shortest, quickest route to the appropriate exit to reach your loading dock. Once it reaches its destination, it starts the trek back to transfer more information.
How does this delivery van keep its cargo safe? Remember, it’s carrying information about you and about the website. Does it simple lock the doors? Drive defensively? Well, yes, that’s the default security precautions.
But what if a master of deception intercepts the data by getting a man on the inside? What if the delivery van reaches its designed loading dock and hands over all the information to the guy there, not knowing that is the inside man? That inside man opens the packets, takes a look at all the information, and then sends it on its way to the appropriate server so no one is ever the wiser.
This is most often what happens when a website has been hacked. Information is quietly mined and stored for later usage by the hacker.
What does an SSL do?
An SSL will help protect against infiltration of an inside man. A website with an active SSL is sending and receiving those information packets via an encrypted data link. It’s as if your delivery van is carrying coded information that will only make sense to the intended recipient. So that inside man won’t even know what he’s looking at if he’s opening those packets.
An SSL provides an extra layer of security and protection between a website and a local internet browser via the Secure Sockets Layer (SSL) protocol. Basically, it protects your website visitors from being spied on by hackers.
Remember, locking the doors isn’t enough. Data that’s transmitted over the internet that’s not encrypted can easily be intercepted or viewed by a hacker and then stolen, so it’s important to add this encryption layer. You’re not only protecting your own assets, but you’re protecting your clients and website viewers as well. And as an added bonus: Google will reward you for adding this layer of security.
By activating your SSL, you’re also purchasing an SSL Certificate. Now, not all SSLs or certificates are the same. In today’s market, there are three different types of SSL Certificates: Domain Validation, Organization Validation, and Extended Validation.
Domain Validation SSL certificates are checked against the domain registry. These are the cheapest to purchase, easiest to acquire, and least secure of the three types. These are the least secure for two reasons:
- Because the process for procuring Domain Validation SSL is automated.
- It doesn’t mean there is an encrypted link active on the website. It only means that the person or organization who applied to validate the domain has proven they have some measure of control over the domain.
Someone can easily lie about who they are or what company or organization they are with as long as they have access to change information on the server. This is certainly still better than nothing, but browse carefully on these websites.
Organization Validation certificates are much more trustworthy because they’re verified by real people who often contact the website/business owner. This is the most standard type of SSL Certificate for a public website. This is sufficient protection for most standard websites.
Extended Validation certificates are the most secure certificates on the market. These are typically used by very prominent, popular companies. You’ll know them by the greenbar that is visible on the address bar when you’re on the website.
Why are SSL Certificates Helpful?
In years past, SSLs were commonly used on pages requesting sensitive information, like payment gateways or login pages. The iconic padlock next to the HTTPS in the browser bars let visitors know they were in a safe internet zone. However, effective January 31, 2017, Google Chrome threw a wrench into that system. No matter what your industry, what your website topic, or what level of security would normally be standard for your web page, Chrome will now display a small circle with the letter i in the center on the address bar or a big, fat “Not Secure” on that same line, effectively letting your web traffic know your site is not trustworthy if you don’t have an SSL. Thanks, Google.
The circle with the lowercase letter i is something website visitors can click on, and it will tell them that the connection to this website may not be private. It will also urge them not to share any information while browsing there.
Sometimes, with the big, fat “Not Secure” warning, Chrome will restrict browsing completely, warning you “This website may not be safe” and urging you to return to safety by hitting the back button. It’s a serious hindrance to visitors who aren’t familiar with the technical details of an SSL.
So while you technically may not “need” to have that extra encryption layer on your website, (like if your site is only meant to be viewed, and sensitive data will not be transmitted at all) you may want to get one anyway so your visitors aren’t leary of spending time on your site.
An SSL Certificate can impact many things.
SEO / Page Rank
Google gives rank authority to websites with SSL Certificates over those that don’t. Basically, if you put your good foot forward and show search engines that you’ve added the encryption layer, they determine that your site is safer than your competitor’s who doesn’t have the encryption layer. So even if you’re not collecting emails or payments on your website, a simple Domain Validation SSL can make a positive impact on your page rank.
Overall Impression of your website
So replace the little circle and i or the flashing neon Not Secure banner on your visitors’ address bar with a big, fat lock and green Secure label. This will show up after you install an SSL Certificate.
While your website visitors probably never had a reason to distrust you, per se, seeing a green Secure right next to your business’s domain name will only further validate their trust in you. And even more so, to those of you overachievers getting an Extended Validation certificate, the greenbar screams trustworthy.
Let’s be real for a minute. An SSL Certificate will not prevent your website from being hacked. I repeat: An SSL cannot protect your website from being taken over by hackers and littered with malware.
The best way to prevent that is through good, consistent website maintenance. Not sure what that is? Read all about it, then schedule a call with me to discuss it further. I’d be happy to talk to you about initiating maintenance for your website. It’s way cheaper than paying someone to scrap your website and scrub your server after a hacker has setup shop on your domain.
Getting an SSL Certificate
Hopefully by now, I’ve convinced you to grab one of these for your website property. So here’s how you do it.
- Get in touch with your hosting provider, such as Namecheap, GoDaddy, DreamHost, etc.
- Purchase the SSL that’s right for you
- Reach out to a website designer / developer to help you install the SSL properly. You’ll want to make sure the secure layer is forced over the unsecure (HTTP) protocol. It’s also important to make sure you don’t end up with the dreaded Mixed Content error, which throws another red flag at Google.
If you’d like to talk to me about getting an SSL on your website, shoot me an email.