Although SSL Certificates have been around for a long time, many people still don’t understand the importance of running them on their websites. Not only that, many of those who are actually running them believe that their websites are now fully protected because of it.
SSL (Secure Sockets Layer) is a security protocol that establishes a secured connection between a web server and a browser (end user). The goal is to protect the data passing between them by encrypting it and by checking the website authority.
This means encrypted credit card numbers, passwords, email addresses, usernames etc. That is why websites like Gmail, Facebook, Instagram and so on are all using SSL Certificates – to protect your data from being stolen by the attackers while in transit between your PC and the server.
But remember, this does not mean that your website is fully protected.
Encryption of data between your server and your visitor’s browser won’t protect your website from malicious code executions, outdated software exploits, database breach and so on. SSL only protects the data transiting between point A and point B.
In fact, there is an attack method known ans “SSL Strip” in which hacker gets in between the end user and the web server and downgrades HTTPS protocol to basic HTTP. This leaves the data without any encryption and therefore it becomes usable to the attacker.
There was also a security bug in the OpenSSL cryptography library, knowns as “Heartbleed”. It was introduced into the software in 2012 and publicly disclosed in April 2014. The Heartbleed bug allowed anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromised the secret keys used to identify the service providers and to encrypt the traffic.
The idea behind online security is not to get the virtual unbreachable fortress. There is no such thing and there will never be. The goal is always to reduce the potential attacker’s chances of doing anything malicious on your website, application or host.
We already mentioned that. This is the most important segment of SSL but it is not the only one.
For a while now, Google gives a small search ranking boost for websites using SSL. In short, if your competition’s website is at the same ranking level as your website, having SSL (while they don’t) might help you beat them in search result rankings.
Since July 24th 2018, Chrome version 68 and on are displaying “not secure” notification for users visiting HTTP pages (pages not using SSL). Mozilla Firefox also has this feature but it is on a more subtle level and average users won’t notice it.
However, that will probably change in the future by Mozilla following Google’s example.
Yes, SSL Certificates are 100% FREE thanks to Let’s Encrypt. “Let’s Encrypt” is a free, automated, and open certificate authority (CA), run for the public’s benefit.
This wasn’t always the case. SSL Certificates used to be fairly expensive for an average website owner and there was no free alternative. Even now, some companies are selling an expensive SSL Certificates, pretending that new era in SSL Certificate issuing isn’t here. But it is. It came with Let’s Encrypt and it is here to stay.
No matter where you are hosting your website, your hosting provider can and should provide you with free SSL Certificate. If you are having issues with that, you can contact us and we’ll be happy to help you. 🙂
There really is no excuse not to have SSL Certificate on your website. It makes your website visitors safer, their user experience better, your SEO ranking higher, it is easy to implement and best of all, it is 100% free.