Site security and data protection are really important issues where sensitive information is involved, for example, e-commerce and membership sites. Traditionally, webmasters would have to purchase SSL certificates, but now they can obtain them for free through Let’s Encrypt (LE), a free, automated, and open certificate authority brought to you by the Internet Security Research Group (ISRG). Also, Google has highlighted on two or more occasions that they have started giving a slight ranking boost to HTTPS URLs.
Do you need SSL for your site?
- If you sell products and collect customer information? Yes.
- If you offer memberships and collect personal data? Maybe, but better to implement.
- If your visitors submit sensitive information via forms? Yes.
- If your site is only a blog? Not necessary.
Through DreamHost, you can install certificates within a matter of seconds since DreamHost is one of two recommended hosting providers, the other being SiteGround, onboard with LE’s offering.
What Is SSL Encryption?
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as ‘SSL’, are cryptographic protocols designed to provide data security over a computer network. The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating computer applications.
Naturally, privacy and data integrity are important issues regarding internet use especially in the area of e-commerce. It’s critical to note that while SSL is a step in the right direction, so too is robust website security software and risk planning. For example, I use top rated WordPress plugins, to protect and backup my sites.
How does SSL work?
This video from Lyquix provides an excellent three-minute summary of how SSL works.
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. To date, they’ve issued more than 500,000 certificates and have attracted some big name platinum and gold sponsors such as Mozilla, CISCO, Google, Facebook, and Automattic (WordPress). You can read more about Let’s Encrypt here.
- Easy installation process
- Dedicated IP not required
- No validation emails
- Trusted by all top browsers
- Renews automatically after 90 days
- Supported by major internet companies
After installation, your site may not load correctly. As a result, you should do these two things to bring your site back to normal:
- Update your bookmarks from http:// to https://
- Install the Really Simple SSL WordPress plugin which redirects all incoming requests to https.
SSL security is not a must, but it will enhance website trust and help you to score points in SEPR. As mentioned, Dreamhost and SiteGround make the certification installation process easy, and for the technical savvy, LE provides instructions regarding how to install. For paid options, prices range, and you can visit Comodo, GeoTrust, and Thawte.