SSL – What You Need to Know

Even if you don’t know what SSL is, you probably use it every day. For example, every search you do in Google is protected by SSL. It’s a security technology that encrypts information sent over the internet.

You can see it in action by looking at your browser. Firstly, you’ll probably have a padlock beside the address of the web page you’re visiting. If the padlock is closed, the website uses SSL.

You can also tell whether a site uses SSL by looking at the website address. If it’s HTTPS (instead of HTTP), the website uses SSL.

What about using SSL on your own website though? Let’s start exploring this by first looking at how SSL works.

What is SSL?

The abbreviation stands for Secure Sockets Layer. That sounds complicated, and the technology behind it is, but the concept is simple. It involves protecting data your customers enter on your website while that data travels across the internet to your server. It does this by encrypting the data so only your server and the user’s browser can read it.

This is important because without SSL, data can be intercepted. This is known as a man-in-the-middle attack. In fact, it’s surprisingly easy for attackers to intercept web traffic that’s in transit. This could be anything from credit card details to the message typed into a form on a contact page.

The reality is most websites processing credit card transactions, or that have sensitive data of any kind, already have SSL technology in place. If yours doesn’t, you should implement it immediately.

You should also consider implementing SSL if you don’t process credit card transactions. There are several reasons for this, including the way Google treats sites with SSL.

Google Chrome and SSL

Chrome is Google’s popular web browser. At the start of 2017 it began displaying the SSL status of websites differently. Instead of simply displaying the open padlock with an option to click for more information, it now displays the warning “Not secure”. This applies to all pages that collect passwords or credit card information.

Google plans to make this warning even more visible, and it has indicated it will roll this policy out on all website pages, including those that don’t collect passwords or credit card information.

This presents you with a user trust issue – if you don’t have SSL, Chrome will tell visitors to your website that it’s “Not secure”. That on its own is a good reason for implementing SSL on your website, but there are other benefits too.

Benefits of Using SSL

  • User confidence – we’ve already highlighted above the issue of trust in relation to the way Chrome treats websites that don’t have SSL technology. There are wider confidence issues to consider, however. Website users have become very savvy and they understand the importance of encryption. You’ll increase the confidence of your users by implementing SSL.
  • SEO – Google said in 2014 it treated SSL as a ranking factor, albeit a minor one. Even though the effect is minimal, having SSL on your website can help improve your website’s ranking in search results.
  • Speed – because your website will load on users’ browsers using the newer HTTP protocol if you have SSL, it will load faster for most users.
  • Security – the encryption of data while it’s in transit also offers considerable security benefits, protecting your information and the information of your users.

SSL Myth Busting

  • HTTPS is expensive – nope. In fact, you can get SSL technology on your website for free from sources like Cloudflare and Let’s Encrypt.

Read more about Speeding Up WordPress Websites Using Cloudflare

  • HTTPS is slow – already dealt with this one above. The reality is your website will usually run faster with SSL.
  • HTTPS is only needed for ecommerce – SSL is important for a much wider range of websites, and there’s a general shift of the whole web to SSL.
  • HTTPS needs a dedicated IP – there are a lot of benefits of having a dedicated IP, but the ability to get SSL technology on your website is not one of them. You don’t need a dedicated IP.
  • Free SSL certificates are not as secure as paid ones – this one isn’t true either. You may get more features with a paid SSL certificate, but paid and free offer the same levels of security.

Things You Should Remember After Installing an SSL Certificate

Once you have your SSL certificate in place on your website there are a number of things you should do to ensure all pages on the website still function properly and can still be found in Google.

Here’s a post SSL installation checklist:

  • Check broken links – internal links on your website might break when you install an SSL certificate. It is, therefore, a good idea to search for broken links and fix them. You can use a tool like Screaming Frog’s SEO spider to help you do this.

  • Fix mixed content issues – users get mixed content warnings in their browsers when a page on your website has both secure and non-secure content. Mixed content issues can negate the benefits of SSL so you should fix them. There are a number of tools available, both paid for and free, which will scan your website to find pages with mixed content issues.
  • 301 redirect – setup a permanent redirect (known as a 301 redirect) on the old HTTP pages of your website, directing browsers and crawlers to the new HTTPS versions. Make sure you do this for addresses with and without “www” at the start.
  • Google Search Console – make sure you set up the HTTPS version of your website on Google Search Console.
  • Robots.txt – update your robots.txt file so the URL of the sitemap uses HTTPS.

SSL-robots.txt

SSL server test for lumospark

SSL is robust technology that is here to stay. It makes sense to implement it on your website.

Audit your site