Should I use SSL on my website?
Secure Sockets Layer or in short SSL, is an encryption technology used to secure communications between the web server and the user. SSL encryption helps preventing eavesdropping hacker attacks. Web pages protected by SSL show a padlock icon that signifies that they are secure. Since Google is giving a slight boost in rankings to websites that are using SSL, many web owners and web masters are wondering: “should I implement SSL on my website?” The answer is that indeed they may benefit from an increase in rankings if they use SSL. But the answer to this question is actually more complicated and depends on certain factors and whether or not you use SSL only for certain pages or site-wide.
SSL on my site – Is it necessary?
In the case that you have an ecommerce website and sell products online, SSL is necessary. Especially if your customers make credit card payments directly on your website, you certainly need SSL in order to protect and secure your customer’s credit card info with SSL encryption – in these cases we recommend a stronger SSL certificate that can also encapsulate subdomains (for instance your online store is at store.mydomain.com). However, you won’t necessarily need SSL implemented on your entire site. You may use SSL only on your checkout pages or in your online, for instance, but you could implement SSL across your entire site to increase trust. In case that you only use PayPal or another offsite solution for payments, you don’t really need SSL encryption.
Another situation when you might need SSL is when you offer memberships on your website, free or paid. SSL might be a good idea in order to protect your members’ personal info such as names, addresses, and passwords. You certainly do not want to risk being responsible for a security breach through a man in the middle attack on your membership based website that will result in your members’ private data being spread across the net.
You will also need SSL if your website contains forms that gather sensitive information from your visitors. If your website’s visitors are asking to submit any personal information, photos, documents, via online forms, SSL can keep that information safe. It is also a matter of HIPAA compliance in the healthcare field.
But in case that your website is just a blog, you probably don’t need to implement SSL encryption unless you are OK with the cost of implementation and are looking for that boost in SERPs from Google.
Are SSL websites really secure?
Since SSL encryption secures only the network communication link, this is not enough to make a website completely secure. SSL does little to prevent hackers’ attacks on a website infrastructure, the host they are running on, or the software they are running. It has only the role to prevent 3rd parties from intercepting the communications between the website and the user. For sensitive applications SSL is an important security layer, however most of the website attacks are not actually done this way. Website attacks are actually done by using the following methods:
Should I use Site-wide SSL?
There are some benefits to use SSL globally:
When is it important to have SSL?
SSL is an important security layer if you are transmitting sensitive private data over the net. The consequences of not protecting against eavesdropping may be serious, not as much to the website but to the individual. For example, any visitor accessing your website from a coffee shop or other public Wi-Fi connection can be eavesdropped by others at the same location. SSL helps protect your customers by encrypting the data before it is sent by the server AND before it is sent by the user.
Your login form is the most high-risk form, because it asks for password and username. These login credentials can be obtained by an eavesdropper and then he can log in as that user. “Sensitive private data” needs special protection since it should only be known to the user and the website owner. One example of sensitive private data is credit card numbers.
Other personal information such as names, phone numbers, mailing addresses, and email addresses are not considered private, but a good website owner will take steps to ensure this data is secure. There is also a grey zone between personal data and private data. If you collect enough personal data, the risk of identity theft increases. Identity numbers such as SIN, SSN, health card numbers, driver license, or passport numbers, along with birth dates may collectively comprise enough data to create an identity that could be stolen.
SSL also allows for verifying the website owner. SSL on my website proves to my visitors that I am really who I claim to be. The process of obtaining an SSL certificate requires a third party SSL issuer to verify the registrants information proving they are who they say they are (rather, this website is what it says it is).
The pros of site-wide SSL
The cons of site-wide SSL
So, Should I use SSL on my website?
Many of the cons of using SSL on the entire site are issues that can be alleviated by more content providers and more sites to total SSL use. It is certainly recommended to implement SSL on those pages on your website that need more security, such as sensitive submission forms, login pages, and other traffic that needs to be encrypted. However, over time it is expected that most of the internet will switch to SSL, so you can prepare in advance and just expand your SSL usage to the rest of your website. Soon site-wide SSL will become a standard in web design and if you’ve gotten to the bottom of this article you will have figured out we are for the use of SSL on your entire website (we do it).