No matter how secure your part of the world is, for most of us, leaving home without locking our doors is quite simply unthinkable.
We wouldn’t dream of leaving our property and belongings wide open for anyone to get into – but that’s exactly what happens when you have a website without an SSL certificate. SSL security is one of the most critical things a website can have these days, and most visitors will expect your site to have one for their protection. It can literally make the difference between whether a visitor stays or bounces immediately away from your site.
SSL certificate basics
Any website with https:// rather than just http:// has an SSL certificate. The ‘s’ in the URL stands for ‘Secure Sockets Layer’ and basically signifies that the website has tiny data files that encrypt the link between the website server and a browser.
Your SSL certificate stops hackers from creating a duplicate of your website and tricking people into entering their details there because each SSL certificate is unique to the site it has been created for and the company it’s registered to. So even if a hacker can recreate your site, they can’t recreate your SSL certification to apply to it.
The other thing that not having a secure site can do is open you up to what’s called a Man in the Middle (MiTM) attack. Here, hackers can steal user information from visitors to your site (like emails and other contact details) and use them to create their own database to sell to your competition, who can then market directly to the traffic you’ve worked so hard to build up.
Sounds great, why else would I need one?
As well as protecting your website visitors and your business/website reputation, an SSL certificate delivers some other benefits you’re really going to like.
Browsers love SSL
As we’ve already mentioned, having an SSL certificate has a massive impact on how people interact with your website, but how browsers react to non-secure sites might mean that people don’t ever make it to your homepage. If you’ve ever spent more than five minutes searching online, you’ll probably have noticed that some browsers (like Google Chrome) will pop up an alert if a site is unsecured, making seem like it’s a REALLY bad idea to visit it. The upshot of this is that some people, seeing this warning, may close a tab down before your site has even had a chance to load fully. And you’ve just lost a valuable potential visitor.
SSL for better SEO
As well as having a positive effect on your bounce rate, which is great for SEO, Google also ranks sites with an SSL certificate more highly (remember how Google likes to deliver quality results to searches)? As well as ranking sites with up-to-date, quality, keyword-rich content higher, Google will also show preference to sites with an SSL certificate, as it signifies you’re serious about protecting visitors to your website.
People trust the padlock
Even if a visitor ignores a browser warning about your site being unsecured and makes it to your homepage, that’s not necessarily a sign that they’ll interact with your site the way you want them to. Have a think about your own actions when you’re searching the web – how likely are YOU to enter your details, or make a purchase, on a site that doesn’t have that little confidence-boosting padlock on the top left-hand side of the address bar? If you’re totally honest, the answer is, ‘Not very’.
People have become pretty well educated about cyber security these days – and for good reason. With so much of our everyday lives now taking place on computers, phones, tablets, and the internet the risks of having your details stolen are very real. Have a think about all of the websites where you’ve entered your email, phone number, bank or credit card details, address … and then have a think about how strong your passwords are. If you’re honest, and like many other people on the planet, you’ve used the same password on more than one site before. It’s a pretty common thing: recently, CyberNews.com did an analysis of 15,212,645,925 passwords and found that only 2,217,015,490 of them (or roughly 14.5% for those of you who like math) were unique. Any site that is unsecured and has some of the ~85% of duplicate passwords on it is up for grabs for hackers.
How do I get an SSL certificate?
Depending on your which platform you’re using, getting an SSL certificate can be as easy as clicking a button. There’s nothing to suggest that a free SSL certificate delivers any less SSL security than paid versions if you have a blog, or a small business website that doesn’t capture much in the way of visitor information, but if you’ve got a site with bigger security risks, you’ll need to up your protection level.
So there you have it – a thumbnail guide to what an SSL certificate is, why you need one and where to start looking to get yours set up ASAP!
As a rule of thumb, here’s what you might need:
Domain Validated certificate: basic level, ideal for blogs etc that don’t collect much, or any, visitor information.
Organisation Validated certificate: appropriate for business websites that capture leads, and collect basic, but not sensitive, visitor information.
Extended Validated certificate: the big guns – this is for sites that collect sensitive client information, such as financial details.
Where can I get an SSL certificate?
There are a number of places you can get an SSL certificate. Here are a few to get you started (bear in mind, we don’t recommend any of these particularly – it’s just a list to get you going):
- GoDaddy SSL
- Let’s Encrypt
- Basis SSL
- Instant SSL
While WordPress SSL isn’t really a ‘thing’ there are plenty of plugins you can use. Our tip is to look for plugins that are:
- Compatible with your version of WordPress
- Recently updated
- Popular: look for plugins with a good number of downloads
- Well reviewed