SSL Certificates – Are They Really Necessary For My Website?

 

In recent years there has been a growing debate on just how important SSL certificates are, and whether or not they are needed for every website. Google itself have recently stated that they are beginning to prioritise secure websites (https) over non-secure websites (http) in their search algorithms. This is all part of Google’s wider campaign to encourage safe transmission of all information across the web. Whilst they claim such preference is only minimal, a number of companies are now paying more attention to the importance of SSL security, with several other big name corporations such as WC3 and Facebook encouraging every website to use SSL encryption.

What is an SSL Certificate?

An SSL (secure sockets layer) certificate is a digital certificate that both authenticates the identity of a website, and encrypts sensitive information so that any passwords, addresses or credit card numbers can not be intercepted or read by anyone other than the intended recipient.

How they work

In the same way that we use keys to lock and unlock doors, SSL certificates use keys to validate and protect sensitive information. A certificate signing request or CSR must also be created on the server. This creates a pair of public and private keys. The public key is used to encrypt (lock) the sensitive information, whilst the private key is used to decrypt (unlock) the information provided and restore it to its original format so that it can be read.

Why are SSL Certificates important?

When you use a website http messages are flying around over the network.  When you fill in a contact form or simply click a link a small packet of information in text format gets sent over the network by your computer.  If you put your email address into a contact form and hit submit the packet of information (very similar to a plain text file) will contain your email address within it.  This packet will then get sent to every machine on the network. If you happen to be using wireless then this information will be sent over the air.  This means that anyone can sniff the air or plug into the network and read these unencrypted packets of information. If this information is simply a request to go to another webpage it’s probably not a problem, but if it happens to contain your credit card information then we could have a serious problem.

Unfortunately the internet and more specifically the http protocol is not secure by default, https however is secure because each of these packets gets encrypted before it is sent, meaning only the intended recipient can decrypt and read the message.

There are a number of reasons why SSL security is important:

• Online payments: – A secure connection is required for websites that take any form of online payments, be it through credit card payments or third-party payment processors such as Worldpay or PayPal. In recent months, however, the web has also seen an increasing number of non-ecommerce websites using ssl encryption on their websites, with big players such as the BBC, Facebook and Google also endorsing the change, even though they do not directly sell through their websites.
• Data security: It’s not just credit card details that are vulnerable to attacks online. Other personal information such as email addresses and social media messaging are also at risk. SSL encryption allows for the safe passage of this information, blocking it from any potential third-party access or unwanted hacks. If your website encourages its visitors to sign up to any memberships, or fill out any contact forms, then SSL encryption should be considered in order to safe guard this information.
• Site verification: – SSL certificates authenticate and verify the owner of a website, preventing that site from any potential phishing attacks, where third-party hackers often impersonate a website in order to obtain personal information.
• Verification of information: – SSL certificates also provide verification of the information that is listed on websites. This is particularly apparent on news sites such as the BBC or Guardian, and further prevents a users content from being altered by any third-parties.

So what does it all mean?

If you run a small brochure site, or do not require any personal information to access certain areas of your website then you are in no major rush to upgrade to an ssl certificate. Whilst Google have announced that they are beginning to favour secure websites over non-secure websites in search rankings, the implications are still small, and Firefox is yet to stop displaying non-secure websites.

However, if your website does require any level of personal information then online security is particularly important especially when shopping online. Even if you are simply entering an email address over wireless connection, this information can be vulnerable to third party access if your site simply operates on http access. Securing this information with SSL encryption (https) immediately combats any risk of unwanted sharing of your information. “Privacy by Default” is the new internet mantra and this is a message that companies such as Google and Facebook have began to endorse.

Introducing Lets Encrypt – A free SSL service

In the past, making your website secure was a pain. You had to purchase and renew multiple SSL certificates and add these to your secure web server. And this could often be a cumbersome task. It doesn’t have to be this complicated however.

Services such as Let’s Encrypt have revolutionised this process by making secure certificates completely free and the installation process as easy as possible. The result gives website owners the ability to offer https encryption and all of its benefits minus the cost and hassle of past years.

Of course, it’s important to ensure secure certificates from Let’s Encrypt are still installed by professionals, but this is where we can help.

Still stuck? – Get in touch!

If you are still unsure whether or not SSL security is for you, or if you have any other web development issues then please get in touch.