I’ve heard so many people talk about SSL, HTTPs and all that website lingua and it got to a point I realized I really need to put more light on this, especially for folks who already have a website.
What is SSL?
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
In lay english, what that means is that SSL is a tool/link/padlock-ish thing placed on your website to make it more secure so thieves and phishers don’t steal sensitive information on your website.
Why do Websites need SSL?
Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to.
SSL is important because it makes it possible for information like credit card numbers, social security numbers, and login credentials to stay safe and secure when they’re traveling to servers and back.
What kind of websites need SSL?
Well, it depends on what the website is for. As far as there’s any exchange of data on the website, even as seemingly irrelevant as email, there needs to be that layer.
If your users enter a username and password to login to your site without an SSL certificate, an attacker can easily see their username and password in clear text. This would allow someone else to impersonate your visitor, but it allows for a far more dangerous possibility: Because users often use the same password on many sites (including their bank accounts), an attacker can potentially compromise many other accounts. If you let people store a password with you, you must take responsibility for protecting it, even if the security of your own site isn’t critical. –
A few other sites that need this protocol include:
- Banks or Banking websites
- Ecommerce stores
- Any website that makes you enter your credit card information
- Any website that has a form
But…. If your site is only a blog, then probably not. If you have a blog with no products, no memberships, no nothing except blog posts and maybe a contact form, SSL would be a waste of time, effort, and money.
How do I know if the website I’m visiting has SSL or is secure?
The use of the SSL Protocol is associated with the lock icon that appears next to the address bar of any website that has an SSL-secured website. The lock may also be enclosed in a green access bar. SSL-secured websites also begin with https as opposed to just http. However, in some rarer circumstances, it may also be a green padlock with a gray warning triangle, a gray padlock with a yellow warning triangle, or a gray padlock with a red strikethrough.
Varying forms of the green padlock.
A green padlock (with or without an organization name) indicates that you are definitely connected to the website whose address is shown in the address bar; the connection has not been intercepted.
A green padlock with a gray warning triangle indicates that the site is secure; however, Firefox has blocked insecure content and so the site may not necessarily display or work entirely correctly.
A gray padlock with a yellow warning triangle indicates that the connection between Firefox and the website is only partially encrypted and doesn’t prevent eavesdropping.
Warning: Never send any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) to a website without the padlock icon in the address bar – in this case it is neither verified that you are communicating with the intended website, nor is your data safe against eavesdropping!
A gray padlock with red strikethrough indicates that the connection between Firefox and the website is only partially encrypted and doesn’t prevent against eavesdropping.