Should I Use SSL on my Website?

Secure Sockets Layer, or SSL for short, is an encryption technology used to secure communications between the web server and the user. SSL encryption helps prevent eavesdropping attacks. Web pages protected by SSL show a padlock icon that signifies that they are secure. Since Google gives a slight boost in rankings to websites that use SSL, many website owners and webmasters are wondering: “Should I implement SSL on my website?” The answer is that they may indeed benefit from an increase in rankings if they use SSL. But the full answer is more complicated and depends on certain factors and on whether you use SSL only for certain pages or site-wide.

SSL on my site – Is it necessary?

If you have an ecommerce website and sell products online, SSL is necessary. If your customers make credit card payments directly on your website, you certainly need SSL to protect and secure your customers’ credit card information with SSL encryption. In these cases we recommend a stronger SSL certificate that can also cover subdomains (for instance, when your online store is at store.mydomain.com). However, you won’t necessarily need SSL implemented on your entire site. You may use SSL only on your checkout pages or in your online store, for instance, but you could implement SSL across your entire site to increase trust. If you only use PayPal or another offsite solution for payments, you don’t really need SSL encryption.

Another situation in which you might need SSL is when you offer memberships on your website, free or paid. SSL might be a good idea in order to protect your members’ personal information such as names, addresses, and passwords. You certainly do not want to risk being responsible for a security breach through a man-in-the-middle attack on your membership-based website that results in your members’ private data being spread across the net.

You will also need SSL if your website contains forms that gather sensitive information from your visitors. If your website’s visitors are asked to submit any personal information, photos, or documents via online forms, SSL can keep that information safe. It is also a matter of HIPAA compliance in the healthcare field.

But if your website is just a blog, you probably don’t need to implement SSL encryption unless you are OK with the cost of implementation and are looking for that boost in SERPs from Google.

Are SSL websites really secure?

SSL encryption secures only the network communication link, which is not enough to make a website completely secure. SSL does little to prevent attacks on a website’s infrastructure, the host it runs on, or the software it runs. Its only role is to prevent third parties from intercepting the communications between the website and the user. For sensitive applications SSL is an important security layer; however, most website attacks are not actually carried out this way. Instead, they use the following methods:

  • Direct attack on the server. In this case SSL cannot protect you, but rather you need a good security policy on your server along with some type of server hardening or countermeasures that will prevent or stop attacks.
  • Direct attack on the user, either by using “phishing” to steal passwords or by infecting their PC with malware. SSL cannot protect you from attacks on users, either. To protect against this, you need a good anti-malware and anti-virus program.

Should I use Site-wide SSL?

There are some benefits to using SSL globally:

  • Trust. If I have SSL implemented site-wide on my website, my customers will trust the “pay an invoice” or “make a purchase” calls to action when they see that green padlock. My clients and partners will know that their information is safe and secure.
  • A lower bounce rate. This is a direct consequence of the higher trust.
  • Fewer concerns or questions from customers making payments on the site.

When is it important to have SSL?

SSL is an important security layer if you are transmitting sensitive private data over the net. The consequences of not protecting against eavesdropping may be serious, not so much for the website as for the individual. For example, any visitor accessing your website from a coffee shop or other public Wi-Fi connection can be eavesdropped on by others at the same location. SSL helps protect your customers by encrypting the data before it is sent by the server AND before it is sent by the user.

Your login form is the most high-risk form, because it asks for a username and password. These login credentials can be obtained by an eavesdropper, who can then log in as that user. “Sensitive private data” needs special protection since it should only be known to the user and the website owner. One example of sensitive private data is credit card numbers.

Other personal information such as names, phone numbers, mailing addresses, and email addresses is not considered private, but a good website owner will take steps to ensure this data is secure. There is also a grey zone between personal data and private data. If you collect enough personal data, the risk of identity theft increases. Identity numbers such as SIN, SSN, health card numbers, driver’s license, or passport numbers, along with birth dates, may collectively comprise enough data to create an identity that could be stolen.

SSL also allows for verifying the website owner. SSL on my website proves to my visitors that I am really who I claim to be. The process of obtaining an SSL certificate requires a third-party SSL issuer to verify the registrant’s information, proving they are who they say they are (or rather, that this website is what it says it is).

The pros of site-wide SSL

  • Implementing SSL across my whole website is technically easier than limiting it to a selection of pages or a single page. Site-wide SSL on my website requires less work for the technical staff.
  • If your submit button is secure but your login page is not, your users may think that their data is not encrypted even if the actual transmission and submission of info is totally safe.
  • Having SSL on my website across all the pages minimizes the ability of phishers to pull off impersonation attacks. This way my visitors can expect a certain level of safety when browsing my website.
  • SSL on my website can prove to my visitors that I am who I claim to be. My visitors can confirm my identity by clicking on the SSL padlock icon.
  • Even if I probably don’t really need SSL on my website, I get better page ranks from Google than if I don’t use SSL.
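
The second point above, a login page served without SSL whose form still submits over SSL, can be checked mechanically. The following Python audit is an added example, not part of the original article; the shop.example pages and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormScan(HTMLParser):
    """Record each <form>'s action and whether it contains a password field."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_forms(page_url, html):
    """Return (submit_url, problem) for every password form not fully on HTTPS."""
    scan = FormScan()
    scan.feed(html)
    scan.close()
    page_tls = urlparse(page_url).scheme == "https"
    findings = []
    for form in scan.forms:
        if not form["password"]:
            continue
        # An empty or relative action inherits the scheme of the page itself.
        target = urljoin(page_url, form["action"])
        if urlparse(target).scheme != "https":
            findings.append((target, "credentials sent in cleartext"))
        elif not page_tls:
            findings.append((target, "form page itself served over HTTP"))
    return findings

def audit_site(pages):
    """Map page URL -> findings, keeping only pages that have findings."""
    report = {url: audit_forms(url, html) for url, html in pages.items()}
    return {url: found for url, found in report.items() if found}

# Constructed sample pages for a hypothetical site (not from the article).
SAMPLE_PAGES = {
    "http://shop.example/login": '<form action="https://shop.example/session">'
        '<input name="user"><input type="password" name="pw"></form>',
    "http://shop.example/account": '<form action="/account/password">'
        '<input type="password" name="new"></form>',
    "https://shop.example/checkout": '<form action="/pay"><input type="password" name="pin"></form>',
    "http://shop.example/blog": '<form action="/search"><input name="q"></form>',
}

if __name__ == "__main__":
    for url, found in audit_site(SAMPLE_PAGES).items():
        print(url, found)
```

With site-wide SSL every page URL starts with https and neither finding can occur.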

The cons of site-wide SSL

  • SSL requests require more bandwidth and processing power than unencrypted traffic and this can lead to server overhead.
  • SSL certificates may pose a challenge to content distribution networks. When the browser asks for the website’s SSL certificate, a disparity between the actual host name and the expected one may cause an error, and the browser may judge the connection untrustworthy. These issues appear when you use CDNs, subdomains, and ad networks, and they require a more advanced setup with CDN services such as CloudFlare.
  • Even if I am using SSL on all the pages of my website, sensitive data could still be stolen if my site is infected with malware. SSL throughout the entire website then gives visitors just a false sense of security.
  • SSL can also interfere with certain tools for measuring SEO performance.
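
The host-name disparity described in the list above, and the earlier advice to get a certificate that covers subdomains, both come down to how a host name is compared with the names in a certificate. This added example (not from the original article) uses a simplified RFC 6125-style matcher; the certificate name lists and the CDN host are constructed, and only mydomain.com and store.mydomain.com come from the article.

```python
def name_matches(pattern, host):
    """Simplified certificate name check in the style of RFC 6125."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a '*' never spans more than one label
    if p[0] == "*":
        # Honour the wildcard only as the whole leftmost label and only above
        # a two-label base; an assumption standing in for public-suffix rules.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def uncovered_hosts(cert_names, hosts):
    """Hosts that would produce a name-mismatch error with this certificate."""
    return [h for h in hosts
            if not any(name_matches(n, h) for n in cert_names)]

# Constructed certificate name lists (subjectAltName entries).
SINGLE_NAME_CERT = ["mydomain.com", "www.mydomain.com"]
WILDCARD_CERT = ["mydomain.com", "*.mydomain.com"]

# Hosts a page on the site might load content from (constructed inventory).
SITE_HOSTS = [
    "mydomain.com",
    "www.mydomain.com",
    "store.mydomain.com",       # subdomain store from the article
    "img.store.mydomain.com",   # two levels below the wildcard
    "mydomain.cdn.example",     # hypothetical CDN-owned host name
]

if __name__ == "__main__":
    print("single-name cert misses:", uncovered_hosts(SINGLE_NAME_CERT, SITE_HOSTS))
    print("wildcard cert misses:   ", uncovered_hosts(WILDCARD_CERT, SITE_HOSTS))
```

The wildcard certificate fixes the store subdomain but not the deeper subdomain or the CDN host, which need their own names on a certificate.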

So, Should I use SSL on my website?

Many of the cons of using SSL on the entire site are issues that can be alleviated as more content providers and more sites move to total SSL use. It is certainly recommended to implement SSL on those pages of your website that need more security, such as sensitive submission forms, login pages, and other traffic that needs to be encrypted. However, over time it is expected that most of the internet will switch to SSL, so you can prepare in advance and just expand your SSL usage to the rest of your website. Soon site-wide SSL will become a standard in web design, and if you’ve gotten to the bottom of this article you will have figured out that we are for the use of SSL on your entire website (we do it).