Why should I bother?
When I created my first website, I didn’t have a clue what all this SSL business was all about. I just wanted to create my website and not have to deal with the unknown – and what could go wrong? It turns out that I had to install one later, which meant I lost some SEO progress and had some left over broken links to my non-SSL website (HTTP).
You may or may not need an SSL certificate but there are advantages of installing one, which I will explore in this article.
What is SSL?
Have you ever wondered what HTTPS means, or why websites like mine have a padlock symbol by them? This showcases that a website has an SSL certificate; those exhibiting HTTP do not.
SSL certificates help protect sensitive information on your website, such as credit card details, passwords, addresses and so on, to make it more secure and less susceptible to cyber attacks. Think of it this way: if you supplied your credit card details to a website to purchase something they’re selling, you’d want your sensitive data to be protected, right?
How does SSL technically work?
If you don’t want to be bored, skip to the next header, but SSL stands for secure socket layering, which ‘encrypts’ packets of data that are sent between multiple networks or devices. Requests are sent as ‘hypertext transfer protocol secure’ requests. Data packets can only be ‘decrypted’ by a key that is sent to the recipient by the sender so that only the sender and receiver can decrypt and read the code. They’re encrypted in a way that humans cannot decipher, so if you ever opened an encrypted packet of data, it may look something like this:
Good luck with trying to understand this gibberish!
Other than being a way for web hosting providers to try to rip you off if you don’t need it, if a web hosting provider actually offers an SSL certificate (and not TLS), it’s out-of-date and is more susceptible to hacking attacks than TLS. SSL certificates don’t actually prevent unauthorised parties from receiving data packets; it only prevents attackers from reading it, and an advanced hacker may be able to bypass the encryption, decrypt it and access the data. Encrypted data is more of a target to attacks as it tells attackers that, as it’s protected, it must contain valuable data that’s worth attacking.
For the record, know that SSL is technically superseded by transport layer security (TLS), which is like an updated version of SSL. TLS offers better security and is usually referred to as SSL by web hosting companies as this is the common protocol name and no one understands it anyway. If you want to ensure you’re using the latest encryption technology, I’d recommend using the web hosting provider on my resources page since they use TLS despite calling it SSL!
So what are the benefits of SSL?
SSL certificates have their benefits as follows:
- Data is protected: it’s safer and less prone to data theft or cyber attacks and demonstrates adherence to the data protection act or the US privacy act
- Buyer confidence: online shoppers and people creating user accounts expect HTTPS websites before providing personal information, and this is a no brainer!
- SEO: improve your search engine ranking – HTTPS websites are prioritised over HTTP websites as it shows you’re more serious about your website and is a ranking factor. For more information about SEO, see my SEO article
- Improved domain authority and status
- Shows padlock, thumbs up, green bar, secure symbol or some other sign
Do I actually need an SSL certificate?
It really depends on your circumstance, but in my opinion, ask yourself this: how invested are you in your website? Is your website something you’re building because you need one or because you want one? If you want to spend a lot of time and effort to make your website great then chances are you should install an SSL certificate. On the other hand, if you’re a sole trader who just wants to quickly build a website and forget about it, as long as you’re not dealing with sensitive data, you probably don’t need one.
SSL certificates tend to be for more serious websites, and whether you should get one depends on the following:
- Are you on a limited budget? If you are, maybe NO
- Do you predict your website will become large or have lots of traffic? If you do, then YES
- If you handle data (like user accounts, ecommerce orders or personal information), YES
- When you’re dedicated to building your website, add regular content and are serious about it, YES
- If it’s a small, static website that won’t be changed, updated or tended to regularly, NO
But remember, there are benefits of having an SSL certificate, and you need to get it right from the outset. Changing it later like I did was a bad move, and there could be consequences (as I said previously, losing SEO progress and killing any existing backlinks). But ultimately it depends how invested in your site you are.
Installing an SSL certificate
If you’ve decided to get one, make sure it uses the TLS protocol rather than the outdated SSL protocol (remember that TLS and SSL are different protocols but TLS is often referred to as SSL by web hosting providers). I’d suggest either checking with the web hosting provider you’re interested in, or simply use my recommended hosting provider.
Once you’ve bought an SSL certificate with web hosting, installation will depend on your provider. If you’ve used a provider with a simple process like my recommendation, you’ll just need to click a button – then it’ll automatically be installed on your root domain and all website pages (and on your blog or wordpress website if you have these). The video tutorial on my website shows how to do this. Otherwise, you’ll need to contact your own provider to ask them how to install an SSL certificate.
Beware – don’t be fooled!
You may come across these ‘fantastic’ offers that seem too good to be true; and this is because they are in fact too good to be true! Be wary of installing your own SSL certificate or having it installed by a cheap organisation who isn’t a recognised authorised SSL certificate provider. If you start trying to dodge the bill with dodgy providers, this will likely be worse than not having one in the first place. Despite the data actually being encrypted, anyone who visits your website will be shown a warning message of an untrusted connection due to the invalid security certificate as follows:
In order for them to access your website, they’ll have to manually add an exception – most people won’t and they’ll just bounce!
As for these so called ‘free’ SSL certificates, there’s usually a catch. Either the error message above will show, and/or the data will be fed through the SSL provider’s servers which will require migrating your entire website to their server and buying their other services. Trust me, it’s not worth it.
I hope this helps!
Thanks so much for reading my article. I really hope this provides some insight into your decision and that you actually know what you’d be getting. I wish I knew about this when I started my first website!
While you’re here, why not grab a free copy of my website start-up guide and checklist which not only explains SSL but also the entire website process, for beginners, with video tutorials.
If you’ve found this helpful, please share this page so that others can benefit.