SSL is making headlines over the past few months due to it’s rise in availability and the emphasis major players like Google and WordPress have given the SSL status. Google announced that it would begin giving priority preference to websites with an SSL, vs unsecure sites by shaming and calling attention to those sites not secure. WordPress on the other hand announced that some of their future features will be dependent on a site being secure with an SSL. This will impact 1 in 4 sites on the web (WordPress powers roughly 27% of the sites on the web).
What to do if you have a website, and specifically a WordPress site and your not currently utilizing SSL. Below are a some quick questions and answers on steps to take.
First, What is SSL?
SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol. In short it is an encryption method that secures the connection between users’ browser and your server. This makes it harder for hackers to eavesdrop on the connection.
Second, Who Needs SSL?
Traditionally, when you had an eCommerce site, or transferred sensitive information, you needed to have the site secure. Moving forward, every site should get an SSL certificate and secure their traffic. Not only to avoid the shame, but to help create a more secure experience for your users.
Is your site secured with an SSL?
You can check your site very easily by navigating to the site in a browser, and looking to the left of the URL in the address bar. If you see a locked lock (typically green) with the words “secure”, click on it and you’ll see details on the page security. If you see a lock that is not closed, or an “i” these are typically indications that it’s not secure.
What does an SSL cost?
The costs can vary by service and your hosting environment. Many hosting companies now offer free SSL certifications, as they know the value and trends. Most of these hosting companies are leveraging free certifications from Let’s Encrypt. This is a free service that needs to be renewed every 3 months. If your hosting company includes the SSL, they typically handle all renewals. If you would like a list of good hosting environments, please message me.
Note: Some hosting companies force you to use their SSL, like GoDaddy. Their SSL costs $70 annually, and they lock their servers and services down to prevent users from using Let’s Encrypt. Given their cheap hosting options, this still may be an affordable option for many.
How to get an SSL?
If you are tech savvy and know your way around the CPannel or web hosting control panel you can see if your hosting provider provides SSL under the security, or apps section. If you cannot find it there, please refer to their FAQ section.
If you cannot find it there or are not tech savvy, call your host and ask for an SSL certificate. There will likely be a cost here, but they will install the certificate and validate for you.
If you are looking to install your self here’s a great step by step for Let’s Encrypt.
As a conclusion, the minimum standard for maintaining a website is changing, and to ensure that your site is not left behind you’ll need to update to SSL. At the time of writing this email, I am evaluating my options for SSL even though I only have contact forms on this site. If you need any help in updating your site, or SSL questions, feel free to comment below, or send me an email.