Blog.

Article topics

  • All

  • Best Practice

  • Branding

  • Case Study

  • Data privacy

  • Design

  • Email

  • Internet news

  • Logos

  • Marketing

  • Packaging

  • Search

  • Social Media

  • Team

  • WCAG compliance

  • Web Accessibility

  • Web Design

  • Web Security

  • Wordpress help videos

The importance of an SSL certificate on your website

Mark Tomkins
By Mark Tomkins
15th October 2015

What is an SSL certificate and how important are they to my website?

Most website owners, unless they operate an e-commerce website, won’t know what an SSL certificate is – and why should they? It’s for credit card payment websites, right?

Wrong.

Let’s start with some basics.

What exactly IS an SSL certificate?

SSL (or Secure Sockets Layer) certificates are a piece of clever digital coding that resides on your website’s hosting space and essentially encrypts the data that goes through it – forms that people submit on your site, ordering details, personal contact information from within log-in areas – all of that. If a website displays data, it can be intercepted.

The job of the SSL is to make sure that all the data that travels between your computer’s browser when viewing a website and the webserver (the place where your website is hosted (and back again) are protected against being read if intercepted.

How can someone intercept this information? Well, without wanting to provide a Janet & John step by step guide to hacking websites here, all off the information sent via a web page (like when you complete a booking form on a site or you log into your favourite online grocery shop) can be grabbed by something called a ‘man-in-the-middle’ (MINM) vulnerability. This basically means anything that you see and enter into a website, the person doing the MNIM hack will see, too.

Not good. Nope, nicht, non.

However, if that website has an SSL certificate on its hosting server, then all that lovely private data is encrypted to such as level that, even if our hackers performing a MINM hack get, well, in the middle and grab the data, it will be utterly worthless to them as it will all be encrypted and completely jibberish.

So, how does it work?

There are lots of variations and how they work – the levels of encryption and so on, but in short, there is a key (a passphrase or cipher) that is used to  encrypt the data (mix it all up so it doesn’t make sense) – this is then deciphered (or decrypted as more commonly used term) at the receiving end (the web server). Only that web server can have that unique key or cipher so you know that your favourite shopping or movie habits aren’t going to become public knowledge if the data gets intercepted. I would add that this does not necessarily mean that the data stored about you on that website is encrypted though and if that website is hacked or subject to a brute force attack and the data stolen, if it is not encrypted, too then it will all be readable. However, it is recommended that websites that allow users to create an account and have their preferences (from payment details to show size) are also protected by an SSL.

So, what’s that got to do with my non-ecommerce website?

For the last year, Google has been deploying changes to the way it rates a website – these all fall under the horribly misused term of SEO (**shudder). But one of the aspects that Google has deployed as part of its ‘Penguin’ update (yes, they are so far all called by animal names) from last year is checking to see if a website has an SSL certificate. Google likes responsible website owners – among all the other things like good content, inbound links to your website to show that others value your website, well-structured URLs, Google also cares about the privacy and security of a website.

It has to know that if it sends someone to it via a search on its site, it isn’t going to be handing that innocent viewer over to a site that rinses them of all their personal information and cares little about what happens to that data. Google cares, honestly.

With that in mind, it announced that it was going to start to prefer websites with an SSL on it – i.e making the URL go green in the address bar and change the URL to httpS (to show it’s got an SSL installed.

Why? Well, for the reasons explained, above, it wants to deliver users to websites that are bona fide, run by people who care about the quality of the internet and the way that Google does this is by saying – “if you’ve gone to the trouble and expense of installing an SSL to protect your visitors and their data, I’m going to reward you for that good deed”.

An example – let’s say there are two websites for local florists – one has an SSL certificate and one doesn’t, when users searches for a florist near them, the site with the SSL certificate will, in almost all cases, get listed in the search results above the one that does not have an SSL.

Obviously, there are going to be other contributing factors that help that – all of which fall under that phrases ‘SEO’ as mentioned above and in previous articles – but the basic principle is – if you have a website and that site has an SSL certificate, Google will look on your more highly in terms of search results than if you don’t and we don’t see this changing any time soon.

“How much is all this going to cost me”, I hear you ask.

You can upgrade your annual website hosting package with from as little as £99 + VAT per year and we’ll install and manage your SSL certificate, renew it each year and make sure it’s doing its job in keeping your users’ data and details as safe as can be. Our entry-level GeoTrust certificate will provide your website with:

  • > 2048 bit encryption that Google is looking for

  • > the glowing green address bar in your browser that tells users their details can’t be read if intercepted

 

and the knowledge that it will contribute to a better search experience for your visitors.

If you’re running an e-commerce website, you may require a higher-rated SSL certificate as prescribed by your bank or card authoriser – but we can guide you on this if you need some support.

How quickly can I get an SSL installed?

An SSL certificate can be installed usually within 48 hours but you will require access to the email manager of your domain as you will need to attribute a specific email address to which the issue can send the SSL key. Most issuers require webmaster@, postmaster@ or admin@ to be accessible to receive this key. 

We’ll then install and make the necessary changes to your site.

If you would like an SSL certificate installed on your website, give us a call on 01525 373020 and we can run through what’s best for your site.