SSL, or Secure Socket Layer, is an encryption protocol that takes the session information between clients and servers and makes it indecipherable to anybody else who may be trying to eavesdrop or intercept it. This makes it impossible for external parties to read any meaningful information from intercepted traffic, and creates an all-round safer browsing experience for you and your clients. This deterrent highlights the shift in security consciousness of the average internet user. Users are far more likely to close your webpage if they are greeted with the news that your site is not secure.
If that was your website, you could have just lost out on another customer. These messages and prompts have the potential to reduce traffic to your website just by having an additional step to access your content, which will end up costing money in the end.
Just because your connection is encrypted and secure doesn’t mean the data being transmitted can’t be read at either end of the connection. If your web server is vulnerable to malware and viruses, or has been compromised by a rootkit or Trojan, attackers with access to the web server will be able to read information from the server itself, effectively side-stepping the SSL security features.
If malware such as key logging software is already loaded onto a device such as a smartphone or laptop, data like passwords and usernames can be intercepted directly from the computer’s keyboard input, rendering the SSL connection useless.
This means you will need to ensure your web server is updated, secure, and free of any malware or viruses. Additionally, basic account and password precautions should always be observed, regardless of whether you have SSL running or not. Be sure never to share your login details with anyone, and consider changing your passwords regularly.
When it comes to technology in general, people are sometimes apprehensive about changing over to new things, and SSL certificates are a prime example. Other times, people hear the same incorrect information over and over again and then internalize it as fact. Below are some of the most common things people mistakenly think about SSL certificates, and it makes for some interesting reading.
I only need SSL on my home page.This is not a good idea. Once you have logged in, hackers are far more likely to hijack your session if your landing page is not secured. Since you have already logged in, they already have access to your profile. You will want to enable encryption on all of your pages so that your data streams are 100% covered with SSL.
I don’t process payments, so I don’t need SSLSome people believe they don’t need an SSL certificate, because they don’t have an online payment portal. This logic makes sense if you think payment information, such as credit cards and banking details, are the only pieces of data cyber criminals and hackers are after, but that is just the tip of the iceberg. It turns out that information as seemingly innocuous as a simple email address can give persistent hackers a clue of what login credentials they can try to use as a username login for other websites. It only takes one piece of information falling into the wrong hands to unravel your entire security online.
I'm a husband, father, son, scuba diver, mountaineer, adventure photographer, commercially licenced drone pilot, autism dad & climate change advocate. I've a eye on a better brighter, cleaner more accepting future for all of us.
All author postsThe web design and development processes are complex and multifaceted process, and it’s...
Google updates their ranking algorithm frequently. But with all that’s been going on this year...
SSL, or Secure Socket Layer, is an encryption protocol that takes the session information...
It sounds easy, but brand identity it’s tough to build from scratch. In the simplest terms...
That's why I'm not so sure about it. It's actually what caught me out when upgrading Apache from 2.0.5 to 2.2.0. It took me a while to figure out how to set up SSL/TLS in Apache 2.2. It would seen they've made efforts to unify the whole config for startup.
Dreamweaver has nothing to do with anything. If your hosting company says something like "We don't support XYZ html editor" (except for Front Page because it does require special folders, etc. but you can get around that too) they are blowin' smoke.