Should I get SSL? Yes it’s time to make the move

Why you need SSL

Keep your data secure

A few months I needed to visit my bank to get some clarifications. As this was not a teller issue, I had to wait for a banker. Imagine my horror when the banker arrived and pulled up all my details on a monitor that faced the public. My details were in full view of anyone who entered the bank. All anyone had to do, was take a quick photo of the screen and they would have had all my account information.

This banker had no clue about privacy or how to keep my information secure.

This is what SSL is all about. In simple terms, it’s about ensuring that the data passed between your client and your website is kept secure. Now let’s get down to the nitty gritty.

What is SSL?

Or you could ask what is HTTP vs HTTPS? In technical terms SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server (which is where your website lives) and a client (i.e the browser which visitors use to access your website). SSL allows sensitive information such as credit card numbers, login credentials to be transmitted securely.

Normally, data sent between browsers and web servers is sent in plain text—leaving your website vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server, they can see and use your information.

Let’s look at that in layman’s terms. Anyone who uses the internet today, visits websites where you probably have to share a lot of your personal information. These days we do a lot of our shopping online which means we have to signon to the shopping website, add our personal and credit card info etc. All this private data that we provide needs to be encrypted so that it cannot be stolen or spied upon.

This is what SSL does. It provides the encryption algorithm to keep your data secure while it’s being transmitted from your client’s browser to your web server. Have you noticed your bank’s website URL? You will always see that the URL starts with HTTPS and not HTTP. This means that the bank’s website is being protected with SSL and has an SSL certificate. Let’s see what that means.

How do I know a site is protected by SSL?

The best way to explain it, is with an example.

How to tell if you site has SSL

This site is secure

As you can see the URL for Facebook starts with HTTPS and has a lock sign before it. This is the surest way to tell, that the site you are visiting is using SSL. If you click on the lock sign you will get more information about the SSL certificate that Facebook is using.

So what does this mean?

Every website that has SSL will be issued a unique SSL certificate to identify that website. Also most browsers will warn you if for some reason there is a problem with the website’s SSL certificate.

You probably asking why now?

Why has SSL become such a high priority? A while go, Google announced that they were adjusting their indexing to look for more HTTPS pages. What this meant  was that websites with HTTPS would get a slight bump in their ranking. Also this action by Google, might have more impact on your ranking in the future.

However more importantly, starting January 2017, the Chrome browser will start alerting users to any website that accepts a username and password as NOT secure if it’s not a HTTPS website. And, Chrome developers  plan to get a lot more pro active in their alerts for normal websites (i.e websites that do not accept any user information) too.

What this means is, if you accept a user name/password on your site for a membership or an online shop etc. Chrome will flag your site as ‘NOT Secure’ if you do not have an SSL certificate. This message is not something you want your clients/prospective clients to get when they visit your site. This is Chrome’s way of pushing every website to have an SSL certificate and more importantly get secure.

So I definitely recommend that you move to getting an SSL certificate, even if your website currently does not accept any user information. Also remember having SSL means that your site is secure–which is very good thing. We now need to figure out what to do next.

How do I get SSL?

Most small businesses are on a shared hosting plan, where you don’t have access to the web server root. So we’ll talk about how to go about getting SSL for your shared hosting site.

Previously the options for getting SSL were limited and there were only paid options. Today many hosting providers already provide SSL So the very first thing to do is check with your hosting provider. Many hosting providers such as SiteGround, DreamHost, WP engine provide a free SSL certificate. All you need to do is install it through your website’s cPanel. Most hosting providers that offer a free SSL  use Let’s Encrypt.

Let’s Encrypt is a free open certificate authority started to make it easy to get websites secure and for free. With that in mind they have integrated with many hosting providers. You can check if your hosting provider supports Let’s Encyrpt here.

If your hosting provider doesn’t integrate with Let’s Encrypt but supports uploading third party certificates, you can go about doing it manually. However I don’t recommend this option as it will become very time consuming as you will need to repeat this manual process every three months which is when the Let’s Encrypt SSL certificate will expire. That’s why I do not recommend adding a Let’s Encrypt SSL certificate manually. When a hosting provider provides a free SSL through Let’s Encrypt they make it easy for you by auto renewing the certificate.

Your other options would be to either change hosting providers or if your hosting provider is offering a paid SSL certificate then just buy it from them. Keep in mind that there are different types of SSL certificates such as:

  • DV: Domain Validation
  • OV: Organization Validation
  • EV: Extended Validation

I have written an article on the different types of SSL certificates and what will work for a small business owner.

Got SSL am I done?

Once you have installed SSL there are few additional steps that you need to take.

  1. Ensure all your URLs  are redirected to the HTTPS URLs. This can easily be done by adding the Really Simple SSL plugin or by adding a few lines to your .htaccess file.
  2. Update your Google Analytics(GA) setting. When you created your GA account, your website would have been setup with a HTTP URL this should now be changed to a HTTPS URL.
  3. Get google to re-index your site through Google Search Console (previously called Google Webmaster Tools). I recommend you setup a new entity for your HTTPS site and add a new sitemap for the new HTTPS site.

So yes now it’s SSL time

Don’t be like my banker who didn’t have clue on protecting my information. BTW, I filed a complaint with my bank. A senior bank manager apologized and assured me that their staff would be better schooled in security and privacy. Now it’s time for you to secure your website, time to get a SSL certificate for your website. And prevent Chrome from complaining about your website to your clients.

So contact your hosting provider, find out what they have to offer. Ask them if they support the free SSL from Let’s Encrypt. If not ask them what other options they provide. And get your website a SSL certificate.

Don’t forget once you get your certificate,  to make sure you redirect all HTTP URLS to HTTPS and get your Google Analytics and Google Search Console set up right.

Also do read on more ways to keep your WordPress site secure.

Need help in getting your site secure?

Do you need help in getting a SSL ceertificate? At StressLessWeb we take on all types of website development from designing a bespoke website to plugin development and ad-hoc work. Anything that will reduce your website stress.

With that in mind, we have launched the StressLessWeb SSL Service Package. Let us take on the grunt work and get your website SSL certified hassle free.

Have a question? Contact StressLessWeb. I look forward to answering your questions.

Announcing new Products & Services from StressLessWeb

We recently started offering website maintenance services to our existing clients. If you are not an existing client but are interested in availing of this service, contact us to see how we can help you.

Do you use Simple:Press? We have a new e-book out to help your Simple:Press members get started.