Over the last few years, there has been an evolution in the concept of SSL, with a number of initiatives aimed at making websites everywhere more secure against having their traffic “snooped” by third party organizations whose ethics you might have concerns about in the long term. Or understandably, you might just find the concept of storing everything you’ve ever done on the internet, forever, a little concerning.
In case you’re wondering, “SSL” (aka Secure Sockets Layer or sometimes, TLS aka Transport Layer Security) is the magic cryptography system which allows you to view web pages securely and safely without someone being able to intercept your communication along the way as it travels through the internet. It encrypts traffic between your computer and the remote server which holds your webpage so that it can’t be easily read by others. Mostly, you’ll recognize it as the URL changing to start with “https” and a small (often green) lock symbol displaying in the browser URL bar.
You may have seen the semi-biographical movie “Snowden” (2016), which dramatized the events around Edward Snowden’s release of information designed to highlight how government agencies were retaining data about nearly everybody for nearly forever. Similarly, there was an incident where Google discovered that the main trunk line linking two of its data centres had been tapped without consent, or perhaps more accurately, without their full knowledge.
As a result of these events and others, a desire was born to encrypt most communications as they cross through the internet; the intent being that this returns the internet to a higher level of security. Part of the concern is that over time, if government agencies can access our data as it travels over the internet, it’s only a matter of time before organized crime works out how to access it.
Google have taken a number of steps to push the internet towards more widespread use of https. The first is that Google Chrome, currently the most widely used web browser, now displays “Not Secure” in the URL bar at the top if your site does not use https URLs. They plan to make this warning go red, instead of the current grey, in coming months! The other browser providers are taking similar steps. Google has also started to very slightly prioritize search listings for sites that use SSL certificates (https instead of http in the URL). Industry pundits consider it to be very likely that this prioritization will only increase over time. All in all, you can see that the overall push towards using secure URLs is gathering momentum and will only grow over time.
One of the initiatives to allow more encryption was a system called “Let’s Encrypt” which provided free encryption certificates (or cipher codes – also called “SSL Certificates”) for all sites on the internet, renewed every 3 months. cPanel, our control panel provider, has come to an agreement with Comodo, a well known certificate provider, which effectively works the same way; we chose this method as Comodo is better known in the industry at the time of writing.
So – as a result, nearly all of our sites now have free, working SSL certificates active. You simply need to convert your site to use them. The certificates are “short term” certificates that are renewed automatically every three months. Because of this, and because this technology is also all rather new, we do recommend a fully registered 12 month certificate if your site is an established eCommerce site.
Your site needs to be converted to use https URLs instead of http URLs. There are a number of steps to doing this correctly, and in case you’re technical and would like to do this yourself, here’s a quick free overview:
- Change site base URL and ensure it works (varies with CMS)
- Redirect all non-https URLs to the https version
- Ensure all your images and scripts come from the https version of your site, to avoid nasty warnings
- Force all admin access to take place over https connections to keep passwords secure
- Update your theme/template to use https or protocol independent URLs
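To check the third and fifth steps above on a rendered page, here is a small mixed-content audit. It is an added example, not part of the original article or of any CMS; the site name `shop.example`, the sample page and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make the browser fetch or post something. On an https page,
# "active" http:// content is typically blocked; "passive" content causes warnings.
CHECKED = {("script", "src"): "active", ("iframe", "src"): "active",
           ("link", "href"): "active", ("img", "src"): "passive",
           ("video", "src"): "passive", ("audio", "src"): "passive",
           ("form", "action"): "form"}

class MixedContentAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line, tag, kind, url, suggested replacement)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # canonical/alternate links are not loaded as subresources
        for name, value in attrs.items():
            kind = CHECKED.get((tag, name))
            url = urlsplit((value or "").strip())
            if kind is None or url.scheme.lower() != "http":
                continue  # https://, //host/path and relative URLs are fine
            if (url.hostname or "").lower() == self.site_host:
                # Own content: a root-relative URL follows the page's scheme.
                fix = url._replace(scheme="", netloc="").geturl() or "/"
            else:
                # Assumption: the third party serves the same path over https.
                fix = url._replace(scheme="https").geturl()
            self.findings.append((self.getpos()[0], tag, kind, value, fix))

def audit(html, site_host):
    parser = MixedContentAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page for the hypothetical site shop.example.
SAMPLE = """<html><head>
<link rel="canonical" href="http://shop.example/">
<link rel="stylesheet" href="http://shop.example/wp-content/themes/t/style.css">
<script src="http://cdn.example.net/jquery.js"></script>
<script src="//cdn.example.net/ok.js"></script>
</head><body>
<img src="http://shop.example/wp-content/uploads/logo.png?v=2">
<form action="http://shop.example/wp-login.php" method="post"></form>
</body></html>"""
```

Calling `audit(SAMPLE, "shop.example")` returns one tuple per problem reference. A suggested third-party https URL still has to be confirmed to load before the theme is changed.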
For a site that uses recent software this process is actually often fairly simple; however, it can also be time consuming and tricky to get right if things are less optimal. If you do get it wrong, it can result in errors and warnings being displayed to your site users, which is obviously something that degrades user trust in your site.
As a caveat, it’s worth being aware that plugins will often break https sites, and that it may take authors some time to catch up and fix their code so it works.
Advantages:
- More secure – protects site admin passwords
- Ranks higher in Google
- Demonstrates you are in line with current best practice
- Shows your site as secure in the URL bar
Disadvantages:
- You need to convert your site, and this isn’t always trivial
- The free certificates are renewed (automatically) every 3 months
- A full certificate is still preferred for eCommerce
Note: this only secures the connection between your user’s browser and your site, but people rightly or wrongly will assume that if you’ve taken care with one aspect of your security then they can trust you across other areas. Often, they will just assume you are secure if they can see the word Secure displayed. It’s always important to do regular updates of your WordPress (or similar) site so you maintain your site security over time. See our other blog article here.
Conversion Product and special discount
For our blog readers, we’re happy to provide a discounted conversion service. We’ll convert your WordPress* site for a discounted cost of $70 (normally $95). This includes the above steps and others needed to make your site work seamlessly over a secure https link. Contact us if you’d like to book a conversion in — use the coupon code “SSL470” in the Subject to get the discount.
* contact us for non-WordPress sites and discussion about exclusions