Learn what SSL is and how KMS can help
Every website needs SSL.
It used to be that only websites that sold something (credit cards) needed SSL. Then it was websites that collected private information from your visitors (even just a signup form, asking for their email address was enough). In July 2018, the Chrome browser started flagging all non-secured websites as “Not Secure”. In addition to that, Google now deranks non-secured websites.
SSL is not all you need to secure your website
SSL is not the final answer in securing a website, it’s the first step. An absolute. Like I said, every website needs SSL. SSL does encrypt information sent from your website to your web server, and vice versa. But please note that other security measures must be in place as well for a full security panel of elements.
SSL is not really SSL anymore
Besides all that, SSL is changing. It changes all the time. For example, we call it SSL, but did you know SSL is really only an encryption protocol, and that NO ONE uses SSL on their web servers anymore? They are actually using a protocol called TLS 1.0 or 1.1, and TLS 2.0 just got published, and is even more secure. Web servers will begin switching over to 2.0 soon.
What is SSL?
SSL stands for Secure Sockets Layer. Technically, it stands for Hypertext Transfer Protocol Secure, which is the https:// in front of your domain name in a browser. It’s the standard technology (encryption) for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details. The two systems can be a server and a client (for example, a shopping website and browser) or server to server (for example, an application with personal identifiable information or with payroll information).
It does this by making sure that any data transferred between users and sites, or between two systems remain impossible to read. It uses encryption algorithms to scramble data in transit, preventing hackers from reading it as it is sent over the connection. This information could be anything sensitive or personal which can include credit card numbers and other financial information, names and addresses.
TLS (Transport Layer Security) is the updated, more secure, version of SSL, and that we all use. We still refer to our security certificates as SSL because it is a more commonly used term. (No one actually uses the SSL technology anymore). SSL or TLS is actually a certificate, and the details of the certificate, including the issuing authority and the name of the website owner, can be viewed by clicking on the lock or “i” symbol on the browser bar.
What does SSL look like?
This is an example of what I’ll call a basic SSL certificate:
This is an example of what an extended SSL certificate looks like:
In both cases above, you can see the green padlock in the browser bar, telling you that the site has encryption.
Examples of non-secured sites (as of the time of this writing):
What are the reasons you need SSL?
SSL means encryption
The information sent between your website and your visitors can’t be seen or accessed by middle men hackers. Please remember however, that SSL doesn’t mean you have a hack-free website; other elements such as a website care plan helps immensely.
SSL means credibility and trust
Your website visitors know that sites are going to the green padlock. They’ll wonder why yours doesn’t have it. In fact, when choosing between a secured site and an unsecured site, a visitor may just bypass you. Your visitors expect safe browsing.
SSL means SEO
Google prefers websites with SSL, and will rank them higher than those without. They don’t care if your site doesn’t take credit cards; google says all sites should have them.
What do SSL certificates cost?
Many hosting companies now offer free SSL certificates. If not, a basic SSL certificate can be purchased for about $100/year. The free version works for most of my clients. There can be pitfalls; some hosting companies will not allow an outside SSL to be applied. SSL certificates can get complicated if you have sub-domains under your website (like store.domain.com) or multiple sites under your hosting account. Please note that extended SSL certificates are a much more stringent and time-consuming process, and typically cost more (i.e. $250+/year).
Can KMS do this for me?
Yes. I can set this up for current clients or not, but your site must be built on WordPress. I would first start with your hosting company (free), and go from there. If you need to purchase one, or you need an extended SSL, I can help you obtain and apply your SSL certificate. It often takes an SSL up to 72 hours to take effect. I will need login credentials.
How much does it cost for KMS to set up?
KMS charges $59 to set up a free SSL certificate, and $89 to set up a paid certificate (SSL certificate is a separate, direct charge to you). In some strange situations, I will offer a full refund if for any reason I can’t complete the SSL installation.
If you’d like to hire me to get you up and running with SSL, or you have questions, please fill out the short form below:
Other security considerations
SSL certificates are only one small element to the total security you should apply to your website. Running regular backups, malware scans and all updates in a timely manner are just as important. KMS Website Care Plans can pick up where your SSL certificate leaves off. Read this article if you think you want to do it yourself.