Security should always be a high concern for your website, but do you need an SSL certificate?
Many people wonder if the information that they’re sending through the web is actually secure. With so many cyber attacks and hackers floating around the internet, it’s easy to think that your site (or the sites that you visit) are vulnerable.
However, many protocols take place in order to ensure a safe and private experience while online shopping, submitting confidential information, or just browsing the web. Secure Sockets Layer, or SSL, is one of these protocols that secures information being sent across the internet.
In order to better understand SSL, let’s first take a look at HyperText Transfer Protocol, or HTTP. HTTP is a protocol that web servers and browsers use to send data to each other. When you type a URL into the address bar, you are actually sending an HTTP command to the web server which will in return retrieve the website that you’re trying to access.
SSL is a cryptographic protocol that ensures secure communication over a computer network. To put it simply, SSL basically encrypts the data being sent between the computer and the server to make it impossible for a third party to read and process. Instead of just HTTP sending data, SSL combines with HTTP to form HTTPS, which is a secure way of sending data from one computer to another. You can check if a site is protected with SSL by seeing if it says ‘https’ before the URL in the address bar.
In addition to encrypting data, SSL certificates also verify that you’re sending data to the correct server. Accessing a site that has an SSL certificate helps the client know that they will be dealing directly with the site and that no other computer will be involved.
Now that you have a basic grasp on what SSL is, let’s take a look at an example:
Jake is browsing the internet when he comes across Midphase.com. As he is looking through the site, he notices that Midphase.com shows: https://www.midphase.com in the address bar and a green bar with a padlock next to it.
This is how Jake knows that the site he is buying from is secured by an SSL certificate.
Note: a padlock, a green bar, or ‘https’ in the address bar are all indications that the site you are visiting is protected by an SSL certificate. Here are a couple other examples of what it may look like in other browsers:
Mozilla Firefox – notice that Evernote displays a different SSL in the address bar. Https verifies a secure SSL connection.
Behind the scenes, the browser that Jake is using attempts to connect with the site that is protected by SSL:
- Jake’s browser will first verify that the site on the server is really what he’s looking for.
- Once the server identifies itself, it will send the browser a copy of its SSL certificate.
- The browser verifies the SSL certificate. If the browser trusts it, it will send a message to the server. The server responds back, confirming the encryption.
- Encrypted data will be sent back and forth between the browser and the server. If a hacker attempts to see the data, he or she will only see jumbled text that has absolutely no meaning.
This of course is a watered down version of how SSL works. Check out this detailed video if you’d like a more in-depth explanation of the intricacies of SSL.
Now that we’ve looked at how SSL works, let’s see if your site actually needs an SSL certificate.
If your site runs ecommerce, you absolutely need an SSL certificate. You don’t want potential buyers entering their credit card information into an unsecure connection. In fact, most experienced online shoppers stay away from any ecommerce site that isn’t protected by SSL.
The only exception to this is if you have your site set up so that your customers check out by using a third party such as PayPal. In this case, the confidential information will be sent to the third party rather than your site’s server.
If your site asks for confidential information such as email addresses, passwords or usernames, you’ll generally want an SSL certificate. This ensures that a client’s information is being kept private and will not be exposed to hackers. Here at WestHost, we suggest purchasing a SSL certificate in order to maintain a high level of trust between you and your site’s visitors. Note: WestHost Shared Business Hosting includes a free private SSL secure.
If your site does not ask for confidential information from a visitor, you are most likely safe without an SSL certificate. Blogs, for example, typically don’t require an SSL certificate since they are only displaying text and images. A photographer’s portfolio site is another example that doesn’t need SSL.
SSL can improve SEO, especially from google results. SSL will not automatically boost your site to the top of every search engine, but it can improve results.
If you realize that your site needs an SSL certificate, no problem. You can register for an SSL certificate with WestHost when purchasing web hosting services. You can also purchase from a third party if you prefer.
If you do wish to purchase an SSL certificate, or if you need to renew yours (yes, they do expire), then contact your web hosting provider’s technical support. WestHost clients can easily manage SSL certificates in their cPanel.
WestHost provides 24/7 support to help you renew your SSL certificate anytime you need!