Why You Must Have SSL for your Website

SSL is a must for your website

If you have a website, you must have SSL on your website. If you’ve never heard of this term, it stands for Secure Socket Layer and it is a means to provide security and authentication for your website.

SSL is a must for your website

Why SSL is Important

Let’s say that you are at a Starbucks and using their free wifi. You log onto your bank’s website to check your balance. If your bank’s website doesn’t use SSL, then your login information – username and password – can easily be intercepted by someone who is eavesdropping on the network. It is because your login information is sent over the network in a clear text format without being encrypted. If the bank has SSL in place, then your information is encrypted and even if someone listened to the network, he/she would not be able to obtain your sensitive information.

Even if your website does not allow users to log in, you may still have a form such as contact us or download a case study or whitepaper where users can provide name, email, phone number, and/or address. These are all sensitive information that must be protected.

SSL Provides Security and Autenticity

In addition to providing encryption mechanism, SSL also provides authentication. When a visitor visits www.lnidigitalmarketing.com, how do they know that this website is owned and run by the real LNI Digital Marketing company and not some fake person or organization who pretends to be LNI Digital Marketing? SSL tells visitors that the site is safe and actually belongs to the real LNI Digital Marketing and it is verified by a 3rd party SSL provider. SSL providers are usually big, reputable corporations that issue SSL to you – you purchase it – and tell the world ‘hey, www.lnidigitalmarketing.com is safe and authentic.’

You can have SSL on your website and it’s done so by purchasing an SSL certificate from companies that specialize in security such as Verisign or Symantec.  And you can easily tell if a website is on SSL – giving you a sense of security as you or your visitors interact with a website.

Anatomy of SSL Certificate

Let’s take a look at a sample website – Bank of America – and see what you can find out from their SSL.

Anatomy of SSL certificate
Figure 1. Bank of America SSL certificate details
  1. When you see this text in green color, it means that the site is protected with SSL.  Sometimes it will say “Protected”, other times it will have the name of company.
  2. When you click on the green text, you can navigate to the Certificate popup window as above.  This information tells you what the SSL certificate is intended to do.
  3. The website the SSL certificate is issued to.  This information provides authenticity to visitors.  This combined with “Issued by” tells the world “hey, I am who I am – Bank of America – and it is verified by Verisign.”
  4. The organization that issued the certificate.  This can be anyone from Symantec, Verisign, Thawte, Digicert, or GoDaddy.
  5. How long the SSL certificate is good for.  SSL certificates can be valid for anywhere from one to couple of years.  In practice, I’ve seen that one year is a good term as it can allow you to make any changes after one year before renewing for another year.

SSL is Good for Marketing too!

SSL is not only about providing security and authentication to your site visitors but it’s also good for marketing too.

There’s been some studies and case studies in the SEO community – for example, this – and there was a correlation between sites that ranked well on Google searches and the sites that were using SSL.  When comparing sites that performed well on Google searches against sites that did not do so well, the majority of top 15 sites were using SSL.  This is fully validated by Google saying that they will give a major search engine boost to websites using this additional security mechanism.  You can check it out from their 2014 blog post.

What should I do to get SSL for my site?

If you don’t have SSL on your website, then you should reach out to your web developer, administrator, or hosting company.  It should be fairly quick and easy to install.  For example, our hosting provider provides an easy-to-use cPanel dashboard where we can deploy SSL in just a few clicks.

The costs for purchasing SSL certificate can be anywhere from free to thousands of dollars per year.  If you have an e-commerce website where customers will be providing credit card information, then you should spend some money and get a certificate with strong security.  If it’s not e-commerce or doesn’t deal with highly sensitive information, then free certificate will do the job.

Free SSL for your site

Back in the days, “free SSL certificate” was something that was unheard of.  However, there is an initiative called LetsEncrypt (https://letsencrypt.org) backed by big organizations such as Mozilla, Cisco, Google, and Facebook.  The goal is to make web a safer place by providing free SSL certificates and make it extremely easy to install them on a website.

Free SSL for your site
Figure 2. LetsEncrypt provides free SSL

Our hosting provider – Siteground – uses them and I have been very happy with it so far.

Once you obtain SSL certificate for your website and it is enabled, you need to make sure that all the resources on your website are properly using the new protocol.  This requires going through code and replacing anywhere where http is hard-coded and change them to use relative links.

Let me know if there are any questions about SSL migration.

Leave a Reply

Your email address will not be published. Required fields are marked *