I’ll jump straight to the point: SEO & GDPR. If that is not enough, just think of your users and the security of your transactions. If you are having any kind of transactions on your site security should be mandatory by itself.
There are many aspects to securing your website.
- web application (ex. php)
- scripts (js, jquery…)
- database (ex. MySQL)
- server access (hosting, shell access, password management…)
- SSL protocol
Web applications, scripts, database and server access (except for password management), are mostly already covered either by your datacenter/hosting provider and by the application you are using.
Here we will focus on SSL protocol and all the joy it comes with it. 🙂
Why should you have the SSL certificate?
General Data Protection Regulation from the European Union known as GDPR says that all personal information should be protected and encrypted in online communication. If you have a business in the European Union or have clients from European Union you should be GDPR compliant, or risk massive fines.
Using SSL certificates complies with GDPR and helps you avoid GDPR fines.
SEO or Because Google said so
This is old news today, however many seem to be not aware of it, or simply don’t care. Well if you want to liked by Google and care about your SEO, you should start thinking about SSL certificates.
In 2017 Google started flagging websites that do not use an SSL certificate. If your site is unsecured Google will notify the visitor of your website and inform them that the website they are browsing is not secure. It goes without saying that that kind of notification scares away visitors to your website.
Using SSL certificates positively affects your SEO ranking, and not using them will have a negative effect on SEO ranking in Google search.
Because you care
Online presence, communication, business in general, is about trust. You care about your visitors and you care if they do not trust your website. Even before GDPR and Google, SSL certificates were used because there was a need for secure communication and encryption of data between your visitors and your website.
Secure websites are good practice and are highly recommended for all that do online communication with their visitors.
SSL (Secure Sockets Layer) Certificates are small data files that digitally bind a cryptographic key to an organization’s details. They secure connections between a browser (or visitor) and server (the website). With a secure connection, third parties cannot break into communication and steal information. Even if they do, that information will be highly encrypted and almost impossible to break – so it is useless to them.
Yes, I sad “almost” – in theory, you could break – if you had supercomputers, NSA resources, and a lot of years to “wait” 😉 – but that is just my opinion.
If your visitors, or users, are doing some actions on your website, like shopping or filling out online forms – you want their information safely delivered to you, and most of all you want them to feel safe and show them that you care about the security of their data.
You will know if the website you are visiting is using SSL certificate by their protocol in the browser –
https – and “lock” icon. It usually looks like this:
I have a SSL certificate – am I safe?
You are not really expecting a straight answer, are you? 🙂
If you have a simple website and all your pages are loading in all (at least major) browsers with “Connection secure” information than it would be safe to presume that your website is safe. You don’t have to worry about your SSL implementation.
However, today in 2020., there are still a number of websites that are not using SSL. Or if they are using it, it is not fully or properly implemented, resulting in insecure connections.
So – is your website safe?
Open your website in the browser and look at what it says next to your address.
If your website loaded with
http protocol instead of
https – your website is not safe and you should fix this.
If next to your address is one of these messages:
- Info or Not secure
- Not secure or Dangerous
You should take immediate action to secure your website. Even if your website is loading with a secure protocol and has an SSL certificate, you could still see a message above.
If you do not own the SSL certificate you should buy one and integrate it with your website.
Types of SSL
There are several types of SSL certificates and depending on what you need them for you can choose your type:
- Extended Validation Certificates (EV SSL)
- Organization Validated Certificates (OV SSL)
- Domain Validated Certificates (DV SSL)
- Wildcard SSL Certificate
- Multi-Domain SSL Certificate (MDC)
- Unified Communications Certificate (UCC)
Some SSL certificates you have to buy, some are free, or come with your hosting – these are shared SSL certificates. However, the most important thing is to choose the appropriate certificate for your business.
You don’t have the SSL certificate
It goes without saying that you should get one.
Oktarin will analyze your website, and with your input, we will suggest which type of certificate is best suited for your website. Once the SSL certificate is acquired comes the integration part.
You have the SSL certificate – what is next?
You bought the SSL certificate. Excellent!
This is the part where things get either very easy or very complicated. Some open-source applications already have built-in options for activating SSL protocol and all you have to do is activate it.
However, usually, it is not enough. This is where Oktarin can help you with your SSL integration.
A simple list of “to-do” tasks would look like this:
- We make a copy of your website for testing purposes.
- We analyze your structure, pages, and link and resources you are using.
- Depending on the result we make a plan what needs to be fixed.
- If needed you are asked to get secure links for resources from your partners – we will provide you with a list of course.
- We integrate SSL certificate and force https protocol
- Test. The most important part – you would be surprised how many unplanned bugs can result from “simple” change from HTTP to HTTPS.
- Bugfixing, if there are any
- Making changes to the production website.
- A final test on the production.
- Work completed 🙂
Of course, this can vary in time and effort depending on the complexity of the website, your structure, and the integration of your website with other third-party applications.