SSL has been around since the mid-1990s but has typically only been used by big business. In more recent years its usage has spread to a wider audience: not only e-commerce stores but more general sites as well.
When someone first comes across SSL they generally have two questions: what is it and why do I need it?
What is SSL?
SSL (or Secure Sockets Layer) is a method of encrypting data that passes between web servers and clients (typically your web browser).
You can tell that a site has an SSL certificate in two ways:
- It has a green lock symbol in the browser bar
- It uses HTTPS instead of HTTP
Google.com showing off its green lock symbol and HTTPS.
Because data tends to be bounced between servers before reaching its destination, it’s possible that it can be intercepted and used by malicious people.
SSL helps prevent this by making the data (e.g. your credit card information) unreadable while in transit, securing it from prying eyes.
Do I really need SSL?
SSL has numerous benefits, but not everyone really needs to use it.
The types of sites that should always use SSL are:
- E-commerce sites or any site that processes payments
- Sites that accept sensitive data such as social security numbers
- Membership sites or sites that hold any user data
Sites that don’t accept or hold any sensitive data (for example a basic blog) can usually get away with not having an SSL certificate, but as you’ll see there are benefits to having an SSL certificate even for these sites.
Benefits of Using SSL
As mentioned above, SSL allows data between your site and other servers or clients to be encrypted, which is vital nowadays. Even if your data is not sensitive, encryption means that the data you send cannot be modified somewhere in the middle, helping increase overall site security.
If you’re an e-commerce site you will need to be PCI (Payment Card Industry) compliant. Part of the compliance is to “Protect Cardholder Data”, which means making sure that their data is encrypted. SSL does just that.
PCI compliance might seem like a US based system, but more and more countries outside of the US are seeing the benefit of the requirements and it is becoming law in various US states and other countries.
There have been, and continue to be, numerous instances where unencrypted data has been hijacked by nefarious parties.
As such more and more lay people are realizing that the lock symbol and HTTPS protocol displayed in the browser address bar confirm that a site is using SSL and is safe(r) to use, especially e-commerce sites.
The use of SSL improves overall trust in your site, as it tells visitors that you take security and their data seriously.
Helps Prove It’s You
Have you ever seen an email land in your spam folder that says it’s a certain website, such as eBay or PayPal? These are so common it’s crazy, but the next time you see one, check if the URL has HTTPS or not. If it doesn’t then it’s not that site, as most major brands (especially those that handle money) use SSL certificates.
This is the main reason why any and every site should have an SSL certificate: it can help boost your search engine ranks!
Ever since 2014 Google has been using whether a site has SSL or not as part of its ranking algorithm. Don’t expect to hit the number 1 spot on page 1 just because you’ve got an SSL certificate, but every little helps, right?
Potential Cons of Using SSL
Nothing in life is all good, but to be honest SSL certificates come close. That being said there are some things you should be aware of.
It’s Still Just Code
People created SSL, which means it may still be susceptible, as people do make mistakes. Take OpenSSL for instance. Back in 2012 a bug was introduced into the SSL code that gave hackers the ability to intercept the transmitted data and use it.
This, sadly, wasn’t disclosed until 2014, and it affected over half a million servers worldwide. The Heartbleed bug, as it became known, was patched in later versions of the code, but it goes to show that not even SSL is exempt from mistakes.
That being said, having SSL is still more secure than not having SSL!
People tend to get hung up on cost but really, can you put a price on security? Plus SSL certificates just aren’t that expensive with affordable options between just a few dollars and $200. More secure options are available at a higher price.
There are also plenty of free options available, should you really not be able to afford even the cheaper end of the SSL market.
Note: I’d recommend avoiding StartSSL, even their premium options, as Mozilla (the people behind Firefox) are considering un-trusting their certificates due to StartSSL not following guidelines.
In previous decades this may have been a factor but nowadays it’s actually more of a myth than anything. SSL simply doesn’t affect performance unless you’re handling hundreds of thousands of visitors per minute. Even then a decent network administrator can change how your server works to get around any performance issues.
Not Plug and Play
This might be a big one for some people in that adding an SSL certificate isn’t as easy as clicking a few buttons. It’s not hard either, but it does require a modicum of tech knowledge. Some SSL providers also offer installation services should you be willing to pay for it.
As well as that, your site might need to be tweaked to handle something called Mixed Content. This is where your site is using content from both HTTP and HTTPS servers, which freaks the browser out and causes your visitors to see warnings which might frighten them away.
Mixed Content issues are fixable but may require a developer if you’re not savvy in this department.
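As an added illustration (not part of the original article), this Python sketch scans a page's HTML for subresources that an HTTPS page would load over plain HTTP, which is what triggers Mixed Content warnings. The page URL, the sample HTML and the names `find_mixed_content` and `MixedContentScanner` are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> (attribute that triggers a fetch, how browsers class that load).
RESOURCES = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "link": ("href", "active"), "img": ("src", "passive"),
    "audio": ("src", "passive"), "video": ("src", "passive"),
}

class MixedContentScanner(HTMLParser):
    """Collect subresources that an HTTPS page would fetch over plain HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag not in RESOURCES:
            return  # e.g. <a href> is navigation, not a subresource load
        attr, kind = RESOURCES[tag]
        # This sketch only checks <link> elements that load a stylesheet.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        value = (attrs.get(attr) or "").strip()
        # Relative and protocol-relative (//host/...) URLs inherit the page scheme.
        resolved = urljoin(self.page_url, value)
        if urlsplit(resolved).scheme == "http":
            self.findings.append((kind, tag, resolved))

def find_mixed_content(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on pages served over HTTPS
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page, not taken from any real site.
SAMPLE_HTML = """
<link rel="stylesheet" href="http://static.example.com/site.css">
<script src="//cdn.example.com/lib.js"></script>
<script src="http://cdn.example.com/tracker.js"></script>
<img src="/images/logo.png">
<img src="http://images.example.com/banner.jpg" />
<a href="http://partner.example.com/">Partner</a>
"""
```

Calling `find_mixed_content("https://shop.example.com/checkout", SAMPLE_HTML)` returns the three offending loads; the active ones (scripts, stylesheets, frames) are treated most strictly by browsers, so fix those first.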
The Bottom Line
While there are a few cons to using SSL certificates on your site, the pros far outweigh the cons. SSL is becoming the norm with more search engines and web users alike demanding security.
By installing an SSL certificate you’re getting yourself ahead of the game and telling your visitors that you take their fears seriously.
The price really isn’t that expensive so there’s really no reason not to use SSL on your site.