The Myths and Benefits of SSL

The Myths and Benefits of SSL
  • 26
    Aug

The Myths and Benefits of SSL

All you need to know about SSL

After years of threatening website owners, Google has finally done it and has started to hit websites without SSL encryption where it hurts – namely their SERP (Search Engine Results Page). If you have not felt the pain yet, don’t worry as soon enough you will!!

To pile on more pressure, Chrome Browser (yes the one made by Google) and Firefox (nothing to do with Google), have started to warn users about non-encrypted websites when users visit them.

So let’s examine why this is important and why you need to take action.

What is Encryption?

Encryption scrambles the content of transmission between the user’s browser and the website server, hence makes it more difficult to eavesdrop on the transmissions.

When websites are not encrypted the page content from the server and requests from the device’s browser are sent in plain format, so anyone who manages to intercept your connection can see what is being sent back-and-forth between the device and the server.

This is particularly important when you are buying goods and services online, hence transmitting information such as your credit card details, personal information (DoB, home address, etc.).

Encryption ensures this information is much more difficult to intercept and capture.

What is SSL?

Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server (in this case the website) and a client (visitor’s browser).

When a website is using SSL, the addresses show HTTPS instead of HTTP. This indicates that your connection is encrypted or “Secure”. The visitor will also see a Green Padlock in their browser address bar to give them peace of mind.

Can SSL stop my site from being hacked?

In a word “NO”!

The purpose of SSL is to secure the transmission and not the website. Website are hacked using software vulnerability, as well as poorly secured server connection such as FTP. SSL does not have any impact on these aspects of your websites

What are the Benefits of SSL?

SSL or encryption protects the exchange of information between users and servers, hence there is less likelihood of eavesdropping and gathering of information by bad actors.

For this reason any website that exchanges personal information should use SSL to secure and protect visitors to the website and users of the services.

Are there different types of SSL?

There are different types of SSL from simple encryption to those who also provide “Anti-Fraud” insurance.

  • Shared SSL – This is when a single certificate is shared across all websites hosted on a server. This type of SSL are not sufficient for the use in financial transactions. Google also does not see this sufficiently secure as to use shared SSL you need to use a subdomain such as secure.mydomain.com instead of mydomain.com. HTTPS is only shown when you use secure.mydomain.com other wise HTTP is used for the URL and Green Padlock symbol does not show up in the browser.
  • Simple SSL – These are dedicated certificate issued to specific domain. Usually the free SSL services do not include insurance against fraud, however, for websites that do not deal with money transactions including credit card payments, this type of SSL certificate are perfectly adequate. HTTPS is used in the URL and the Green Padlock will show up in browsers.
  • Extended SSL – These certificate use 128-bits to 256-bits encryption, with EV (Extended Validation Certificate), Clickable SSL Certificate Site Seal with verification of company name plus date/time stamp, and anti-fraud underwritten warranty. These are ideal for high value item E-Commerce sites.

How to obtain SSL?

If you have shared hosting or cloud hosting, you need to get your SSL from your Hosting provider. Some hosting companies such as Cognisant Hosting provide SSL certificates free of charge. You can get Enhanced or Extended SSL with insurance against fraud to get further protection and offer more peace of mind to visitors. However, this is really only necessary where you have financial transaction such as e-commerce, or any site that uses online payment.

If you have a Dedicated Server or VPS (Virtual Private Server), you could purchase your SSL certificate from any source and install it on your server.

How to install SSL?

Usually your hosting company does this for you, but you need to do further changes to your website to ensure you replace all HTTP references to HTTPS. These includes URLs, Navigation Keys, Images, Forms, JavaScript, or any other Scripts you use on your website. If you fail to do this, visitors will get “Mixed Content” warning on their browsers, which understandably may make them feel nervous, but also Google does mark the page as “Unsafe”.

How do I get help?

Comments are closed.