For the longest time, it seemed that you only needed to use Secure Sockets Layer/Transport Layer Security, commonly known as a SSL Certificate, if you were a financial institution or taking credit card payments online.
But in recent years, we’ve started to see more and more sites that don’t have anything to do with eCommerce run their sites in https (or secure) mode.
Why, you ask? Two big reasons:
- The rise of malware and identity theft. SSL encrypts the connection between you and the website you’re visiting, making it more difficult for evil-doers to steal a credit card number, password or other personal info.
- SSL certificates are much more affordable than in the past, making it much more budget-friendly.
A New Reason to go all-in with SSL: Google Chrome
The release of version 56 of Google’s Chrome browser will subtly let you know if the site you’re on isn’t secured via SSL. Check out this article from Wordfence for more details.
To some degree, Google is using its position of dominance to push their own agenda (no surprise there). For sites that have nothing more than your standard contact form, it’s debatable whether or not SSL is all that important.
But, as your parents always said – safety first. SSL provides security benefits both real and imagined. On that second point, just seeing the green browser lock will inspire a bit more confidence as to the legitimacy of your website. So, in that way, even a site that takes no user information through logins, forms or shopping carts can benefit from SSL.
And, if you run WordPress or another content management system, SSL will also secure your connection as you update content or other administrative tasks.
How to Implement SSL
The first thing you’ll need to do is purchase a SSL certificate. These can be had from several companies, but it is often easiest to purchase through your web hosting provider, as they tend to automatically bill you (they renew every year – just like a domain name).
You can expect to spend somewhere in the range of $50 per year (or less, depending on the provider) for a lower-end certificate (higher end certificates often have a few more features and a stronger level of encryption). Basic certificates are fine more most non-eCommerce sites.
There is also a free SSL certificate provider called Let’s Encrypt. It’s a great deal but has one caveat: If your web host doesn’t support its automated renewal (which happens several times per year), then it’s going to be incumbent upon you to make sure a new certificate is installed on your server each and every time. If your host DOES support it, everything happens automatically while you sit back and watch Netflix.
Here’s a list of web hosts who support, or plan to support Let’s Encrypt »
Regardless of how you obtain your certificate, running your site in SSL is generally pretty simple. It requires the web host to install the certificate (they will usually do this, even if you don’t buy it directly from them).
After installation, a few tweaks will need to be made to your site to ensure it works properly. Usually, it’s a matter of cleaning up links to use “https” instead of “http”. That is something your handy web professional can help you with.
Hosting with me? Let’s get you secured!
If you’re currently hosting your website with Eric Karkovack Web Design Services, LLC, feel free to contact me about adding SSL to your site, today.