Why your website needs a SSL Certificate

10 May 2021   |   by Alex Barratt   |   SSL, Security
How many of us have actually taken the time to understand what SSL Certificates are and what they do?

SSL, or Secure Socket Layer, is an encryption protocol that takes the session information between clients and servers and makes it indecipherable to anybody else who may be trying to eavesdrop or intercept it. This makes it impossible for external parties to read any meaningful information from intercepted traffic, and creates an all-round safer browsing experience for you and your clients. This deterrent highlights the shift in security consciousness of the average internet user. Users are far more likely to close your webpage if they are greeted with the news that your site is not secure.

If that was your website, you could have just lost out on another customer. These messages and prompts have the potential to reduce traffic to your website just by having an additional step to access your content, which will end up costing money in the end.

The Importance of SSL Certificates.

Not having an SSL certificate means your website is also going to suffer in the Google rankings department. Why? Because websites that begin with insecure “http” prefixes are” automatically ranked lower than SSL-equipped sites, which all start with “https.

Google does this to ensure the most secure search results appear higher up in the list, as opposed to non-secure websites that get pushed down, or omitted entirely.If you have a mail server or any other internet facing service that has confidential data in it, you will definitely need SSL certificates installed. This will prevent your sensitive data from being intercepted or tampered with with, giving you peace of mind and added security.

Just because your connection is encrypted and secure doesn’t mean the data being transmitted can’t be read at either end of the connection. If your web server is vulnerable to malware and viruses, or has been compromised by a rootkit or Trojan, attackers with access to the web server will be able to read information from the server itself, effectively side-stepping the SSL security features.

If malware such as key logging software is already loaded onto a device such as a smartphone or laptop, data like passwords and usernames can be intercepted directly from the computer’s keyboard input, rendering the SSL connection useless.

Jason Maria

This means you will need to ensure your web server is updated, secure, and free of any malware or viruses. Additionally, basic account and password precautions should always be observed, regardless of whether you have SSL running or not. Be sure never to share your login details with anyone, and consider changing your passwords regularly.

What About TLS?
Isn’t It Better Than SSL?

This is where things can get confusing. TLS (Transport Layer Security) is a phrase people have started to hear more often in recent years.
The truth is that SSL and TLS are part of the same protocol suite.
In fact, most technologies such as VPNs will list SSL/TLS together as one of the security measures they have in place as a connection method for private browsing.

The reality is, these two protocols are the same thing — a digital certificate that encrypts data between two parties and keeps your information safe. TLS is merely an updated version of SSL, and TLS certificates are also called SSL certificates. The best thing to do if you are unsure is to ask your provider which you have, and they can assist you.

Common misconceptions about SSL certificates

When it comes to technology in general, people are sometimes apprehensive about changing over to new things, and SSL certificates are a prime example. Other times, people hear the same incorrect information over and over again and then internalize it as fact. Below are some of the most common things people mistakenly think about SSL certificates, and it makes for some interesting reading.

I only need SSL on my home page.

This is not a good idea. Once you have logged in, hackers are far more likely to hijack your session if your landing page is not secured. Since you have already logged in, they already have access to your profile. You will want to enable encryption on all of your pages so that your data streams are 100% covered with SSL.

I don’t process payments, so I don’t need SSL

Some people believe they don’t need an SSL certificate, because they don’t have an online payment portal. This logic makes sense if you think payment information, such as credit cards and banking details, are the only pieces of data cyber criminals and hackers are after, but that is just the tip of the iceberg. It turns out that information as seemingly innocuous as a simple email address can give persistent hackers a clue of what login credentials they can try to use as a username login for other websites. It only takes one piece of information falling into the wrong hands to unravel your entire security online.

Alex Barratt

I'm a husband, father, son, scuba diver, mountaineer, adventure photographer, commercially licenced drone pilot, autism dad & climate change advocate. I've a eye on a better brighter, cleaner more accepting future for all of us.

All author posts
Related Posts
A man looks at lines of html code on a screen
Web design & development best practices

The web design and development processes are complex and multifaceted process, and it’s...

A hand holding a mobile device dispaying search results
Marketing & SEO tips to get ahead with Google in 2021

Google updates their ranking algorithm frequently. But with all that’s been going on this year...

A hand touches a digital padlock on a screen
Why your website needs a SSL Certificate

SSL, or Secure Socket Layer, is an encryption protocol that takes the session information...

A book title brand identity on a desk
Discover Your Brands Real Identity.

It sounds easy, but brand identity it’s tough to build from scratch. In the simplest terms...

2 Comments
  • Demitri Bitniack Reply
    16 April 2021, 12:07 pm

    That's why I'm not so sure about it. It's actually what caught me out when upgrading Apache from 2.0.5 to 2.2.0. It took me a while to figure out how to set up SSL/TLS in Apache 2.2. It would seen they've made efforts to unify the whole config for startup.

  • Catherine Stuart Reply
    24 April 2021, 10:23 am

    Dreamweaver has nothing to do with anything. If your hosting company says something like "We don't support XYZ html editor" (except for Front Page because it does require special folders, etc. but you can get around that too) they are blowin' smoke.

Write A Comments