What the Hell is SSL?

(AND WHY YOU NEED TO HAVE AN SSL CERTIFICATE)

What is SSL?

First off, apologies for the title but it’s a question we have been asked more and more over recent years and it’s quite often in these kind of terms, plus it’s catchy and rhymes.  Aside from that though having an ssl certificate is now an ever increasingly important factor for your website, having numerous benefits and literally no drawbacks as detailed below.

Technically SSL stands for secure sockets layer but in practical terms it means 2 things

  • your website will start with https:// instead of http://
  • any information transmitted between your website and users passes through an encrypted layer in the background keeping their data safe.

As a very brief overview that covers what SSL is but what’s more important is why you need to use it and the benefits of SSL.

Before we go into that though lets start with the downside of using SSL which nowadays can easily be summarised as – NONE! Although in the early days there were drawbacks to using SSL such as relatively high costs for certificates, possible slowdowns to the site load due to the extra security layer being applied and higher costs due to the technical application of SSL this simply isn’t the case anymore.

In short there just isn’t any reason to not have SSL running on your site (we’ll address the former downsides listed above in the benefits of ssl section).

The benefits of using an SSL certificate and why you need to have one.

  • For most people and businesses adding SSL to their site is now free of charge (* see note on private / vanity SSL certifcates below) – this is due to a huge movement which is heavily supported by most of the internet giants called LetsEncypt which allows you to get a free SSL certificate for your site.
  • HTTPS traffic is now significantly faster than http traffic due to advancements in technology so your site will load faster (which Google and other search engines loves and count towards your SEO ‘score’). You can see an example test of that here – https://www.httpvshttps.com/
  • HTTPS protects the data between your site and clients which increases trust.
  • HTTPS is taken as a positive SEO signal by Google and other search engines.
  • HTTPS helps to satisfy PCI requirements (dealing with online payments).
  • HTTPS is now becoming the norm and people trust it much more.  Some sources state that 85% of shoppers won’t buy goods on an unsecured site.
  • Not using HTTPS is becoming an increasing liability with many browser like Chrome and Firefox displaying ever more insistent warnings that the site is not secure (see section below).

Browser signals of whether your site is secure

Most of the major web browsers such as Chrome (incidentally this browser accounts for almost 60% of total web traffic so it’s a very big deal) and Firefox have displayed warnings on non secure sites for quite a while, however, these are gradually being stepped up to be more and more obvious and insistent, especially if any data has to be entered in any type of form – even the humble Contact Us form.

Providing you have a valid HTTPS setup then the address bar will show this as per our example below

Below is an example of how Chrome will treat sites that are still using http with particular reference to when entering data – this clear signal of the site not being secure is enough to put a very high number of people entering any data, even simple details such as name and email address.

Private / Vanity SSL Certificates

As explained above for the majority of small business you can get an SSL certificate for free that will be perfect for your needs and bring with it of the advantages above.  However, if you do this then you will get a generic ‘Secure Connection’ in the browser as shown below.

If you wish though you can purchase a Private / Vanity SSL certificate and once configured this will show in the browser instead as shown in the example for GlobalSign below.  Prices to purchase a certificate vary tremendously from around £40 per year through to £hundreds depending on what is required and unless you have good reason it’s probably not worth the extra complication.

What should you do if your site doesn’t use https / SSL?

Hopefully the reasons listed above give a pretty compelling reason why all sites should now be using and as there aren’t really any downsides there is no reason not to! As of June 2017 over half of the internet is now running on https and this figure is set to continue to rapidly increase.

If your site doesn’t have an SSL certificate you will need to speak to your web company/ hosting provider or alternatively contact us.

I think I’ve got SSL but it doesn’t seem to be working properly?

Even if you do have SSL then there can still be issues if it hasn’t been implemented properly or for numerous other reasons but whatever they are you will want to get it sorted as soon as possible.  It is most commonly caused by something known as Mixed Content as an example this maybe where you store images off your website (like on another site that isn’t secure and then link to them).  In cases such as these the browser will show a warning as given in the example below.

Most of the the time it’s better to contact your web developer / hosting company or of course contact us and we’ll be happy to help.  If you do want to investigate it yourself then a very useful site is https://www.whynopadlock.com/ which will scan your site and help track down the culprit.

Why Use WordPress?

Why Use WordPress?

Five great reasons to use WordPress for your website, blog or e-commerce store. Over 65 million WordPress users proving it’s doing something very right.

read more