SSL is mainly used to protect credit card transactions and login credentials. However, it is also becoming an essential feature for installation on just about every website. Google won’t mark an SSL-protected website as insecure and will increase its SEO ranking. Visitors will consider such websites to be trustworthy. SSL also protects sites against phishing attacks aimed at intercepting data. In this article, we answer 8 common questions about SSL to help you decide whether or not you need an SSL certificate installed on your site.
1. What is an SSL certificate?
SSL (Secure Sockets Layer) is a protocol that encrypts data and creates a secure connection between a web server and a browser; i.e., SSL protects communication between a website and a user. The information they are exchanging is unreadable by the Internet Service Provider, WI-FI administrator, and others. It ensures that login credentials, credit card details, and other sensitive data are encrypted.
When a website has an SSL certificate installed, its address will begin with “https” instead of “http”, where the “s” means “secure”. In addition, most browsers will show a green lock icon. As an example, look at the address bar of this page: Dizzain.com prefers to use secure connections.
2. Is SSL really necessary?
Typically, SSL certificates are installed on pages that are used to submit confidential information. Pages with addresses that start with “https” are usually used to make payments or to provide private information in online forms. If you plan to accept payments by credit card on your site, you will be required to use an SSL certificate: payment systems won’t let your clients pay without protecting their data.
It is becoming increasingly common to encrypt not only individual pages, but also entire websites, mainly to provide security and enhance visitor trust. All of the sites that the Dizzain team has recently developed have SSL certificates. In addition, 60% of our former clients who we continue to support have encrypted their websites.
3. When is SSL not crucial?
An average blog or simple website with no products and no forms to fill with sensitive data usually doesn’t need to be encrypted. However, if you care about your page ranking and want to engage more visitors, remember that Google is a big fan of security and boosts rankings for pages that use HTTPS.
According to Daria Tokareva, chief SEO consultant from Seologist: “Accessorizing” your website with SSL enhances your voice-search appeal and increases your chances of ranking high for “OK Google” searches! With Voice Search projected to take over Keyboard Search in 2020, it is high time you start taking this small, but important step of switching to HTTPS, to get a competitive advantage over your online competitors when Voice Search time comes.”
4. Why is it important to install an SSL certificate?
First, it keeps data secure. By creating a secure connection between servers and browsers, it protects the information submitted by users including login information, passwords, email addresses, and, of course, financial information such as credit card details. Neither the visitor nor the website owner want to have this data compromised in any way.
Second, it increases the SEO rank. Google wants everything on the web to be protected and recommends the use of SSL to keep sites and users safe. Google’s Chrome browser indicates whether websites’ addresses begin with “https”. If you use Chrome, you may have received a “Not secure” message instead of being connected to a home page as you had expected. To encourage the installation of SSL certificates, Google increases the search rankings of websites with an encrypted data flow: it doesn’t matter whether or not your website actually collects confidential information.
Finally, an SSL certificate promotes visitor trust. A survey conducted in 2014 by the certificate authority and service provider GlobalSign found that over 9 of 10 users were more likely to trust a website if it displayed security indicators. Furthermore, almost a third of website visitors look for a green lock in the address bar.
5. Are there any disadvantages of using SSL?
Currently, there are few compelling reasons why you would not want to install SSL for your website. One possible drawback of using SSL is its cost. Usually, you will need to buy an SSL certificate. The price will depend on how many domains and subdomains the certificate covers and which level of identity verification you choose. Also, you will need to renew your SSL certificate periodically. When it expires, users will receive a message that the website is no longer secure (this can also happen when an SSL certificate isn’t installed correctly).
In the past, websites that used HTTPS were notorious for loading slowly. Therefore, SSL certificates used to be installed only for payment pages. However, today, we no longer need to worry about speed limitations.
6. Will an SSL certificate protect my site from hackers?
Websites with encrypted data can be attacked as often as those without encryption. SSL certificates don’t protect sites from being hacked; they prevent data from being intercepted, such as through a phishing attack. You may click on the link to a cloned website which can persuade to fill in forms with sensitive information such as login information and passwords, mobile phone numbers, addresses and financial information.
How to secure a WordPress website from hackers find in one of our posts.
7. How can I install an SSL certificate?
A certificate authority (CA) can issue an SSL certificate. You can buy your certificate from a company you trust, including the host where you registered the domain. It is possible to get a free certificate as well. For example, a certificate from Let’s Encrypt is trusted in most browsers.
Both free and paid certificates have the same encryption level but vary in the kind of technical support. Having necessary skills, you can install SSL on your own. A commercial CA will implement a certificate for you.
There are three main stages of buying and installing an SSL certificate. First, you need to generate a CSR (certificate signing request). CSR is a message you send to a certificate authority to validate the information for issuing SSL in order to purchase it. Second, after submitting CSR, you verify the domain by clicking on the link in the email, and the CA creates your certificate. Finally, you can install an issued certificate and update your site to use HTTPS.
Several hosts automated the process of SSL installation. For example, WP Engine offers different options to secure a site. You can install a free certificate from Let’s Encrypt, or paid domain-validated RapidSSL one, or a certificate you already have or want to buy from third parties. By the way, the certificate issued by your host will renew automatically after expiration.
8. There are different types of SSL certificates. Which one should I choose?
Different types of SSL certificates allow you to choose exactly the features you need. While each type of certificate provides the same level of encryption, they vary in the number of domains and subdomains you have, how the certificate authority checks your identity, and, of course, the price.
The website with no an SSL certificate installed
The most common types of certificates are Domain Validation, Organization Validation, and Extended Validation. Different certificate authorities may have more options. For example, a SAN certificate (that means “Subject Alternate Name”) can be used to secure multiple domains; i.e., www.yourwebsite.com, www.yourwebsite.net, and www.blog.yourwebsite.com can be protected with a single certificate.
Depending on the type, a typical SSL certificate is usually issued within just a few minutes, but the process can take up to several hours.
Domain Validation – provides encryption and confirms that you are entitled to use a domain name. Usually, this type of certificate has the lowest price and is the easiest to implement.
Organization Validation – the certificate authority checks whether you have the right to use a specific domain and confirms your company’s information. If a user clicks on the secure site seal (indicator in the address bar), they will be shown the name of who owns the site.
Extended validation – confirms your right to use a domain name with encryption and displays the company name directly within the address bar (to the left of the URL). Users don’t need to click on the secure site seal to see the company name.
The Dizzain team can provide everything you need to correctly install an SSL certificate, including advice on what type of certificate you need.