Websites can transmit a lot of sensitive information during a typical browsing session. Consider what you share online every day: your email address, mailing address, phone number, credit card info, even your login credentials. That’s a substantial amount of information you don’t want falling into the wrong hands! The secret to keeping your and your visitors’ info safe lies in SSL (Secure Sockets Layer) certificates. Learn what SSL certificates are, which websites need one, and what else you need to do to protect yourself and your visitors.
What is an SSL certificate and what does it do?
An SSL certificate is a basic security measure that protects data as it moves from a website to a server. If you submit a payment, log in to an account, or subscribe to a newsletter, an SSL certificate will prevent cybercriminals from stealing that information in transit. You’ll know if a website has one if the URL begins with “https” instead of “http,” and a padlock icon appears next to the URL.
Does my website need an SSL certificate?
All websites can benefit from an SSL certificate, but you should absolutely get one if you…
…collect data on your website. Any website that collects any kind of data should have SSL security. It’s especially crucial if you take payments on your site, but it can also protect your admin login credentials or email addresses collected. Without the protection provided by SSL, that data is at risk, and could be very useful to the right cybercriminal.
…want to keep visitors coming back. Even if your website doesn’t collect data, it is worth investing in an SSL as a signal to your visitors that you care about their safety. Popular browsers like Chrome and Firefox will flag websites as insecure if they don’t have an SSL certificate – even if they don’t collect data. This could be alarming to visitors, and it’s meant to be! In fact, 27 percent of consumers worry about their information being compromised, so an SSL certificate could be worthwhile just to put their minds at ease!
…want to rank well in search results. An SSL certificate is also worth the investment if doing well in search results is important to you. As a way to encourage websites to use SSL certificates, Google has used HTTPS as a ranking signal since 2014. This means that websites with SSL certificates may rank better in search results than sites that don’t, and that’s something every website can benefit from!
How do I get an SSL certificate?
Different websites have different security needs, and there are different types of SSL certificates to match. If you’re not sure where to start, talk to your hosting provider. Most offer a free DV (Domain Validated) SSL certificate, which meets basic SSL requirements. Additionally, some hosts will allow you to use trusted free SSL certificates from certain providers. While free options are available, the pricier certificates provide more comprehensive protection. Again, it’s all about which is right for your website. Check out our handy guide on the types of SSL certificates to see which works best for you!
Is an SSL certificate all I need to protect my website?
To reiterate, SSL security only protects data in transit as it moves from your website to a server. They don’t protect data stored on your website or stop malware that can expose that data, nor do they block malicious bots like the ones that cause DDoS attacks.
To fully protect your website, we recommend the following:
- Create backups regularly. If something goes wrong, you’ll have a clean, recent copy of your site to restore from.
- Install software updates in a timely manner. If your website is run on a CMS like WordPress, installing updates is critical as they usually contain critical security patches. Using an automated patching service allows you to automatically apply vulnerability patches, so you can complete full version updates on your timeline.
- Use strong, unique passwords. Reusing a password puts all of your accounts at risk if that password is exposed. Use a trusted password manager to safely store all your different passwords!
- Block bad bots with a WAF (Web Application Firewall). A WAF blocks malicious traffic that can slow your site or cause DDoS attacks.
- Scan your website daily for malware and vulnerabilities. A website scanner is the fastest and easiest way to look for threats every day – especially if the scanner can remove malware automatically.
While SSL certificates are just one part of cybersecurity, they are critical in protecting the information you and your visitors share online every day. By protecting that data as it travels from site to server, SSL security ensures valuable info is not intercepted by cybercriminals. By using an SSL certificate on your site, you’ll also put visitors at ease while improving your chances of ranking well in search results. What’s not to love? For more about what an SSL certificate can do for you, tune into our podcast, Decoding Security. And if you’re ready to protect your website inside and out, see which SiteLock plan works best for your site.