What is SSL and Why is it Important?
What is SSL?
SSL (Secure Sockets Layer) is an internet security protocol that incorporates encryption when data is shared/exchanged. It was first developed in 1995 by Netscape with the aim to ensure security, integrity, privacy of data and communications over the internet. SSL is implemented on your site through the use of SSL Certificates.
SSL certificates are small files that are responsible for maintaining encrypted links between your server and the web browser. In simpler words, they make sure that the data passed between the server and internet browser remain absolutely private – no third party can access the information. A SSL Certificate must be purchased through a valid certificate authority that signs the certificate and validates it’s authenticity.
Whether users are sharing your blog post on social media, purchasing a book from your online store, or just browsing your site, you want to make sure that all the conversations taking place are not intercepted by unwanted users or advertising vendors.
As a website owner, it is crucial that your users feel comfortable when visiting your website and feel safe that their information will be transmitted securely on the internet. In the past, SSL was considered a luxury that only large enterprises used. It were limited to websites dealing only with sensitive information such as personal data, bank accounts, or credit card details. Nowadays, SSL Certificates are inexpensive, and almost mandatory for every WordPress site whether the data private or public.
Why You Should Use SSL on your WordPress site?
If you use SSL, you are informing the visitors of your site (and the search engines) that the data is kept secured between the users web browser and your WordPress server, making the transmission of data to and from your site safe from hackers. You are also gaining trust of the visitors, hence increasing web traffic and building reputation. Most importantly, your website is not getting highlighted by Google and other search engines as unsafe.
The main difference between these types of websites is in the URL itself: secured sites use https while others are simply http. This ‘s’ refers to the fact that the website you are browsing has a SSL Certificate keeping data safe. When you are browsing through websites, you often notice how many sites have a lock icon while some have alerts notifying you about how the website is not secure. Nobody wants the impression that their site is insecure.
Importance of SSL
Imagine making an online purchase with your credit card on an unsecured website without SSL. The information related to your credit card is being transmitted over the internet without any additional security or encryption. It goes as plain text, making it easier for third parties or hackers to intercept. You can lose your financial information in a jiffy.
Similarly, as a website owner, it is your responsibility to protect users’ data from being hacked or misused. This is the reason why SSL is important. SSL makes sure that the data being transmitted is concealed and protected. For example, when the credit card information is entered into a form on your website, the user’s web browser will first encrypt the data before sending it to the server, making it gibberish or impossible to comprehend.
The server then decrypts the traffic using a private key issued by a certificate authority. Moreover, with SSL, the website itself is protected and secured since it also authenticates your WordPress server as part of the process. Hence, hackers cannot decrypt the information or replicate a fake website with intentions of stealing your customers’ data.
Search Engine Optimization (SEO) and SSL
In 2014, Google explicitly announced that websites with https will be given higher ranking. Google wants to motivate all website owners to move towards https from http. So, if you would like to make sure your website ranks at the first page then, apart from SEO based content, SSL is important.
If your website is accessible via http and https both: http://www.MyWebsite.com and https://www.MyWebsit.com, then it is crucial to have a properly configured redirect. It is important with respect to SEO because both links/URLs will have exactly the same content accessible to search engines, causing duplicate content issues and resulting in negative impact.
Types of SSL Certificates for Websites
There are primarily three types of SSL certificates to choose from.
Single Domain SSL Certificates
This type of certificate covers one domain or website. For example, www.MyWebsite.com. You must remember that this type of SSL certificate protects one domain only. You cannot use this for ‘shop.MyWebsite.com’ domain if the certificate is for ‘www.MyWebsite.com’. This is one of the most common causes of errors caused by this type of certificate is misconfigured redirects. Using the example above ‘MyWebsite.com’ must redirect to ‘www.MyWebsite.com’ in order to be secure. Also, a redirect must be configured to send all traffic that arrives via http to the equivalent https page. With out proper redirect configuration, your site will not be taking advantage of the additional security provided by SSL.
Wildcard type SSL certificates apply to single domain, however they also include an unlimited number of subdomains. Hence, you can use this type of certificate to protect your subdomains such as ‘shop.MyWebsite.com’ and ‘blog.MyWebsite.com’. Properly configured redirects are also necessary with this type of certificate.
This type of certificate is applicable to multiple types of domains such as www.mywebsite.com, www.myonlinestore.com and so on. Most small business websites will not need this type of certificate.
How to Find Out if your WordPress site uses SSL
To know if your website uses SSL certificates and they are properly configured or not, open your website in the browser. The first step is to look out for ‘s’ (s for secure) with http in the address bar. Second step is to click on the lock icon to see if your website has a valid certificate or not. Please refer to the screenshot below.
Another quick test you can do is to check that your website is properly redirecting to a secure URL is enter, http://MyWebsite.com and/or http://www.MyWebSite.com Both of these URLs should properly redirect to https and show the proper lock icon as above.
What happens if my SSL certificate is invalid?
If the SSL certificate for your site is misconfigured or invalid, any user visiting your site will receive notification similar to the one shown in screenshots below. Your website will not respond because internet browsers will not display insecure sites. Any visitor that sees these kind of messages will leave your site, and most likely will not to engage with your business.
There are many different reasons why a browser will display the messages above. The most common causes are due to a misconfiguration on your WordPress server or an issue with the certificate itself. For example, the certificate may have reached its expiration date and needs to be renewed. It is also possible that the certificate has been revoked or invalidated by the issuer for any number of technical reasons, which may be difficult to figure out and resolve without professional or technical experience.
Are you facing issues with your SSL Certificate? They are not something you can ignore and present a glaring problem to the user. Contact us today and get any SSL issues fixed by our team of technical experts. The price for our service far outweighs the cost of your time spent to research and fix the problem yourself. You can have peace of mind in knowing that the issues will be taken care of properly. If you own a website and would like to increase your online presence and better engage with your customers’, trust is of utmost importance and correctly configured SSL is the right way to do it.
Ensure lock symbol appears in browser URL bar
Redirect from HTTP to HTTPS
Fix invalid certificate errors that prevent browser page from displaying
Help acquiring a new SSL certificate
Webserver configuration of new SSL certificate
DNS Settings for SSL Certificate
Redirect to preferred domain name in a single hop
Permanent redirect configuration
Help correcting mixed content errors