Have you ever noticed that some URLs on the web have an “s” after “http”? What exactly does this mean?
Basically, the “s” signifies you are browsing a secure website, meaning all data transferred between your browser and the web server is encrypted. The protocol for making it all work is called SSL (Secure Socket Layer) or TLS (Transport Layer Security). TLS is now the standard, but people still commonly refer to this technology as SSL.
Why you need SSL
When a user submits information on an insecure site, it is possible for hackers to intercept this communication and use it for nefarious reasons. The purpose of SSL is to create a secure connection between the browser and the server so that no one can intercept and read the transmitted data. It not only protects the data, but it also ensures the browser is connected to the correct server and the requested data is actually delivered. This is especially important for sites that have e-commerce or handle donations, where sensitive information like credit card numbers and passwords are submitted. If users are submitting any information on your site that you want to keep private, you need to make sure your site is using SSL.
Even if you’re not requesting sensitive data on your website, SSL has some other added benefits. Browsers include visual indicators that let users know they are viewing a secure website. This includes padlock icons and sometimes green text or the word “Secure”. Some browsers will even let the user know that a web page is insecure if there is no SSL and the page has a form. The point is, having these secure indicators conveys trust to your users. Users will know that they are viewing a legitimate and reputable site.
Additionally, having SSL can be good for Search Engine Optimization (SEO). Google has been pushing for a more secure web, and their browser, Chrome, isn’t shy about showing the security status of a website. So, Google has been including SSL as a ranking signal in their search algorithms. Although the signal at this point is small, it’s apparent that the internet in general is moving to become more secure and SSL will become the norm.
How can you get it on your site?
Websites create secure connections because of SSL certificates. SSL certificates are electronic documents that verify the identity of the certificate’s owner and allow for secure communication. These digital certificates are issued by authorities which require the certificate owner to verify site ownership. Typically, you can purchase a certificate from your hosting company and they will install the certificate on your website. If you purchase an SSL certificate, make sure to renew it as most certificates are set to expire annually. Sites with expired SSL certificates will show insecure content warnings.
Alternatively, you can use an auto-generated SSL certificate which automatically renews using a certificate management agent on the server. You verify ownership of the site via your domain registrar, and the certificate will be generated and renewed for free. We use Let’sEncrypt for the sites we host on our servers.
Having a secure site is becoming a necessity for any organization that has a presence on the internet, and here at Visceral we launch all of our projects on https by default. We are happy to see big internet companies and communities push this trend, and we look forward to continuing our contributions of making a more secure web!
Take a look at your website and see if you’re using SSL. If not, feel free to contact us and we’d be happy to help you secure your site.