As you may already know, Google has been campaigning for non-secure websites to make the switch to HTTPS, and even incentivizing the changeover by giving a better ranking to secure websites. This article explains what an SSL certificate does and why your WordPress website needs an SSL certificate in 2018.
Google recently announced that by July of 2018 all websites not using an SSL certificate and not showing HTTPS in the URL will be marked as “not secure.” This change will occur at the same time Google releases Chrome 68.
What is an SSL (TLS) Certificate?
SSL protects against the data-tampering and phishing we have become familiar with today. It encrypts the data in transit so that no unauthorized entity can steal or tamper with the data.
When a computer connects to a website, communication begins between the computer’s web browser and the web server the site is hosted on. Usually, this contact is unguarded—visible to any interested third party. Allowing important personal information out in the open makes it vulnerable to interception.
Think of an SSL/TLS certificate as a type of translator/gatekeeper with a couple key functions. It permits encrypted communication through Public Key Infrastructure (PKI) and also verifies the certificate holder’s identity. The translator only recognizes the valid certificate.
If communication is attempted without this translation key, the encryption scrambles the communication into symbols and characters making the communication useless to the person attempting to intercept the communication without the authentic key.
The Difference Between SSL and TLS
SSL (Secure Sockets Layer) is the predecessor to TLS (Transport Layer Security). Over the years, new versions have been released to deal with vulnerabilities and support stronger, more protected code algorithms.
SSL 3.0 was available in 1996 after vulnerabilities were found in the preceding 2.0 version. TLS (Transport Layer Security—an updated and more secure version of SSL) was introduced in 1999 as a new version of SSL based on SSL 3.0 but different to the extent that TLS 1.0 and SSL 3.0 are not interoperable. If you have an older SSL version it would be wise to upgrade to the newer TLS.
How Does an SSL Certificate Work?
Once a secure transaction is begun, (for example, when you click the Submit or Buy button to begin a transaction on a website), there are four steps made to establish a secure connection:
- The browser checks the SSL Certificate to ensure that it is valid and that the site you are connecting to is genuine.
- Data encryption levels are established based on what the browser and website server can both use to understand each other (the translation begins).
- The browser and server send each other unique codes to use when encrypting the information that will be sent.
- The browser and server begin communicating using the encryption, the Web browser displays the encrypting icon, and the Web pages and information are securely processed.
Types of SSL Certificates
The three types of SSL Certificate available today are Extended Validation (EV SSL), Organization Validated (OV SSL) and Domain Validated (DV SSL). Encryption levels are the same for each certificate, but what is different are the vetting and verification processes to obtain the certificate and the appearance and experience in the browser address bar.
- Extended Validation (EV SSL). With an EV SSL, the Certificate Authority (CA) checks the authorization of the applicant to use a specific domain name plus, it conducts a thorough vetting of the organization.
- Organization Validated (OV SSL). With an OV SSL the CA checks the authorization of the applicant to use a specific domain name plus, it conducts some vetting of the organization. Additional vetted company information is displayed to customers when clicking on the Secure Site Seal, providing enhanced visibility of who is behind the site and associated enhanced trust. The organization name appears in the certificate at the ON field.
- Domain Validated (DV SSL). With a DV SSL Certificate, the CA checks the authorization of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal; it’s more “bare bones.” Although information is encrypted, you can’t be sure who is receiving that information.
DV SSL Certificates are fully supported and share the same browser recognition with OV SSL, and can be issued almost immediately and without the need to provide company information. DV SSL is perfect for businesses needing a low-cost SSL quickly and easily.
The Benefits of Using an SSL Certificate
Browser warnings will scare away your visitors without the SSL. Google Chrome, the most popular browser today, now confirms that a site is “Not Secure” if it has a provision for login credentials. Now, the ‘Not Secure’ warning is applied to all unencrypted sites.
These warnings could put a serious dent in your hopes to grow your subscriber’s list or increase your revenues. I don’t know about you, but in this day and age of hacking and ID theft, most people will exit a site that gets a warning of any kind!
SSL is not just a matter of security; it’s a matter of trust. Installing an SSL certificate and displaying icons that the website is secure communicates to customers that their information is kept private.
You need SSL to accept online payments. According to standards set by the Payment Card Industry (PCI), businesses accepting online payments must comply with a set of rules set by the PCI. If violated, a business could face serious fines.
SSL boosts your SEO ranking. Installing SSL doesn’t mean that your site will dominate Google’s first page, but it definitely helps. Sites without the SSL certificate are now downgraded by Google as mentioned earlier.
Why You Should Use an SSL Certificate
SSL is all about security. Hackers around the world are bent on interfering with business, government, and military, and stealing data.
To keep data from being stolen, encryption methods have been developed and continue to be improved as government-sponsored hackers become more sophisticated and try to steal, interfere, disrupt and otherwise pollute transactions and sharing of information across the Internet.
When Should an SSL Certificate Be Used?
If you have an e-commerce site that collects credit card information, if you use a 3rd party payment processor such as a bank or PayPal, for example, if your site has a login form or user registration form, or if you let people store a password with you, you are responsible for protecting that information.
Any site that collects data on a visitor should have that data protected with at least an SSL certificate. Aside from the security, the SEO value is simultaneously added since Google now downgrades the search results of sites without SSL, so it is important to have it installed on your site.
Having an SSL certificate creates a better user experience and builds trust with the visitor right from when they see that green padlock in the web browser. That trust is invaluable for enhancing the user experience.
After you create a CSR (Certificate Signing Request) and purchase a certificate it will need to be validated and processed. SSL certificate installation is typically performed by your hosting company, but if you know what you are doing you can install an SSL certificate yourself and then test and troubleshoot the website.
However, Golden Oak Web Design specializes in WordPress website development and can handle all the steps necessary to complete installation and setup of your SSL, as well as test and troubleshoot the site’s performance after the SSL is installed, to make sure there are no compatibility issues which sometimes arise.
Visit our WordPress SSL Setup Service page or call 602-633-4758 for more information and to get started.