Since over about a year ago, I started to move most of my clients’ website to a better server and set up SSL for their website. It has also become my favourite subject whenever I spoke to clients or clients-to-be.
If you have been using the Internet long enough I’m almost certain you have come across the term “SSL”, though you may not have good idea what it is and why so many people are talking about it especially lately. I hope to do my part as a good netizen by sharing with you what I know about SSL and explain it to you in layman’s terms. Disclaimer upfront this is not a technical write-up, I won’t be telling you how to decide which SSL is best or how to set it up for your website. But I will explain to you why SSL matters and how SSL works. So sit back, get comfortable and read on!
What is SSL?
Since this post is about SSL, I should first explain what SSL is. SSL stands for Secure Socket Layers. A daunting name right? The only part you need to relate to is the term “layer” — It is indeed an extra layer that offers protection. Protection for what? Mostly websites.
A website that has SSL enabled has the word “HTTPS” at the beginning of its URL. If you don’t know what a URL is, let me know, I might just write another post about URL. So, a website that doesn’t have SSL enabled, will have a URL that starts with “HTTP” (without “S”) instead. And yes, you’ve guessed it right, the “S” stands for “secure”.
In Google’s book, a website that doesn’t have SSL enabled is considered not secure.
As an Internet user, when you visit a website that has SSL enabled, ie secure, you are assured that any information exchanged between your computer and the server that hosts the website is limited to your computer and the server’s access only. Anyone who tries to steal the information by intercepting the connection between your computer and the server will end up with strings of gibberish which they will not be able to decipher.
How does SSL work?
This is the fun part. I’m about to explain how SSL works by using an analogy that guarantees you the “aha” moment!
Remember the older days when we used to have telephones in the house? I’m talking about the phones that have dialer or dialpad on them, and a cord that connects to the wall socket. Rings the bell?
Some households had more than one of these in the house. For example, one in the living room, one in the bedroom. Most of the times these phones were connected to the same line, so when calls come in, people could pick up the call from either room. Which also means when someone was talking on the phone, another person could pick up the other phone to eavesdrop the conversation? (Admit it, most of us had done that!)
With this picture in mind, I shall start to explain how SSL works.
When you visit a website that is not secure, it would be like you using a phone that someone else could listen in through another phone. It’s that simple!
So, what happens when you visit a website that is secure? Imagine the following scenario:
The moment you pick up the phone, the caller says: “What language shall we use today?”
You reply: “We’ll use the F-language!”
The caller agrees and both of you carry on the conversation using coded language that only both of you can understand. Meanwhile, the eavesdropper who tries to listen in the conversation has no idea what you guys are talking about.
This is obviously an over-simplified explanation. You may ask what if the eavesdropper actually understands the language. In the real world situation, a much more complex algorithm would be used to jumble up the information exchanged between two parties, to the extend the eavesdropper may take years to decode the information. Long enough to call it secure so there is no need to make the phone self-destruct after 5 seconds.
How to tell if a website is secure or not?
As mentioned above, just by looking at the URL you can already tell if the website is secure or not.
If the URL starts with HTTP it means the website is not secure. Any information you submit through the website could be stolen and misused by ill-intentioned 3rd party. If you are using Google Chrome, you may see the following warning:
If the URL starts with HTTPS it means the website is secure. Once again, if you are using Google Chrome, you will see the green padlock:
Is SSL really important?
Is SSL really important? This depends on what standpoint you are looking from.
If you are looking at it as an Internet user, and you are visiting a website that is not secure, you need to fill in an inquiry form, the form requires you to fill in too much confidential information like NRIC number, phone number and home address (a lot of Singaporean websites like to ask that, even when the information is not really needed!) Such information that you share with the website can possibly be obtained by unintended parties. How do you feel about that?
If you are a website owner and your website is not secure. What will your visitors think of you especially if your website is for your business?
You may ask what if your website does not carry out any e-commerce transaction nor does it even have a web form, does it still matter whether or not it is secure? You want to read the next few sections, which concern mostly people who own website for their business.
SSL will impact your website ranking
If you own a website for your business, and you care about good ranking, ie better chances of people finding you when they search on Google, SSL matters to you! Google themselves have said it! See HTTPS as a ranking signal
You may also search “ssl google ranking” to see what the SEO experts are saying.
But I would like to make a fair statement: Even though Google has been pushing the idea through since 2014, to date there are still only a small fraction of websites are SSL enabled. Which means to say, if Google starts to drop ranking of websites that are not secure, it will not have much to show in its search results. Which is not good for its business! But does this mean the day will never come? I don’t think so. Google is a very powerful authority as far as Internet is concerned. When they say they will do something, they will make it happen. So, this is still a subject that you should not sweep under the carpet and wait until it really happens than say.
So, as a website owner, it is not just about being a good netizen when you secure your website, it does give you real perks. The sooner you do it the better!
How to secure your website?
This blog post will not be useful if I did not at least share about how to SSL enable your website. But I had also mentioned earlier this is not suppose to be a technical write-up, so I will just share with you some quick tips.
I assume you are not a technical person. If you are you wont be reading this. So as a non-technical person, these are what you can do to SSL enable your website, ie to secure it:
Option #1: Ask your hosting company
If you have a website, then you have a hosting provider. A hosting provider is the company that owns the server that is hosting your website. You may send them an email using the following text:
Dear [hosting service company],
I understand my website is not secure. I would like to secure it with SSL. Can you tell me the cost and help me do it?
If you have no idea who your hosting provider is, we need to talk!
Option #2: Do it yourself
I’m just kidding! Please don’t! If you are a technical person, you should already know how to do it. But if you are not, and you think you can learn how to do it simply by following some tutorials, best of luck to you! If you fail to get it right, you may risk bringing down your website. That’s not helping! Don’t get me wrong, I’m not questioning your capability. I believe everyone is able to do anything if they put in enough effort. But my question is: Should you really invest the time and effort to do it yourself? Isn’t your time supposed to be spent on something else more important, such as running your business? Or is Internet your business? (Once again you will not be reading this if Internet is your business!) So what can you do? There is the last option…
Option #3: Let me help you
If your website runs on WordPress, this will be a good news for you. I have recently launched a start-up to offer WordPress hosting and maintenance services. You just need to move your website over and let us host it, we’ll automatically secure it with SSL. Plus several more enhancements that further protect your website from cyber security risks and major speed improvements. Check it out at WP Sifu.
P/s: We beta lunched the service a year ago and none of our clients’ website had any incident at all since!
There you have it! I have shared in this post what is SSL, how does SSL work, how to tell if a website is secure, is SSL really important, how SSL will impact your website ranking and how to secure your website. I have to make two things very clear before I conclude this post:
- Securing your website with SSL WILL NOT protect it from hacker attack. So do not think by having HTTPS at the beginning of your URL is all you had to do. There are still many things you need to do to make sure your website is safe from hacker attacks. Leave me a comment if you want me to write about it next.
- A secure website does not always mean it’s legitimate — Bad people can create a website, secure it with SSL and use it to steal your data. This is totally possible. So exercising vigilance is the key!