Basic Guide to Understanding SSL Certificates

By Jason Chow on June 14, 2018. Filed under: , .

As more and more online payments and transactions become commonplace, the need for security has also increased for both a user and the website owner. With the number of hacking incidents continuing to rise, it’s essential that your website employs the proper security tools to protect your WordPress website from hackers.

Having an SSL certificate on your website could be the factor that determines the safety of your website, and it’s users. In this article, we’ll go through the basics of SSL so that you understand how to utilize it effectively for your business.

What is SSL?

You might ask yourself, “what the heck is SSL?”. Well, to put it simply, SSL (Secure Sockets Layer) is a protocol that allows your browser to create a safe connection between itself and a website or server.

When you have an SSL certificate, it verifies that the legitimate and appropriate company owns the website that’s being accessed. It ensures that visitors are visiting the correct site and helps prevent other people from impersonating your company and website.

For customers and users, an SSL certificate helps establish a secure connection between their browser and your website’s server. This adds another layer of data encryption that will protect sensitive information such as passwords and credit card details.

How does SSL work?

So now that you know what an SSL is, you might wonder how it works. Well, there are a few steps to it, but in a nutshell, the process of how SSL works with a website is summed up below:

  • A visitor connects or loads up a site (i.e., web server) that are secured with SSL in a browser. The browser/server will request for the web server to identify itself.
  • The web server will then send a copy of its SSL certificate to the browser/server.
  • The browser/server will then check if the SSL certificate can be trusted or not. Once it’s checked, it will send a message to the web server.
  • Upon receiving the message, the web server will send back a digitally signed acknowledgment to initiate an SSL encrypted session.
  • Now all the data shared between the browser/server and the web server will be encrypted.
  • HTTP to HTTPS_SSL

The whole process is commonly known as the “SSL Handshake,” and throughout the process, your website and your visitor will have a secure session which will prevent anyone from stealing or accessing data that’s being shared.

Importance of SSL to Google

We’ve mentioned how important SSL is, especially for eCommerce sites to keep a customer’s personal information safe from hackers.

However, having an SSL goes beyond that. In fact, having an SSL or not will have an effect towards your search ranking on Google as they will be labeling all standard HTTP pages as non-secure, starting from July 2018 onwards.

Treatment of HTTP Pages

While you might be able to function without an SSL certificate at the moment, we recommend having one sooner or later as Google will start penalizing and issue warnings to sites which are not using HTTPS.

Installing SSL on WordPress

Now that you’ve understood the importance of SSL, how do you install it on your WordPress website?

Well, you’ll be glad to know that install an SSL certificate on WordPress is surprisingly easy and requires minimal coding or changes on your side. All you need to do is use the right plugin, and you’ll have a website that’s equipped with SSL.

If you need a little help to get started, follow the step-by-step guide below:

  • First, you need to either purchase your SSL certificate from a hosting provider or get one for free (more on the difference later). Some web host provider, such as WPEngine, will set up an SSL by default.
  • Once you’ve got the SSL, you need to install it to your domain. If you have unlimited domains and maintain many sites, you need to choose one to install the SSL.
  • Use a plugin to do most of the work for you. Some plugins will help set up your site with the SSL automatically, just by activating it. A few that we recommend you use are Really Simple SSL, CTW SSL for Cloudflare, and WP Force SSL.
  • After you’ve installed the plugin to maintain your SSL, you’ll then need to modify your WordPress setting. Head to your “Settings” and look for a “Site Address” text box. Make sure that your domain’s prefix is “https.”
  • Another step that you can do is to modify your .htaccess manually with some simple coding. Just load up the file in an editor and add the following lines:
<IfModule mod_rewrite.c>

Rewrite Engine On

RewriteCond%{SERVER_PORT}80

RewriteRule^(.*)$ https://domainname.com/$1 [R.L]

</IfModule>

Do everything correctly, and you should have a secure website that comes with an SSL certificate!

Difference between paid and free SSL

We’ve mentioned earlier that you can opt for a free or a paid SSL, but what’s the difference? While both do offer the same level of encryption, there are some difference SSL certificates that you should be aware of.

SSL Certificate Type

A free SSL certificate only comes with a Domain Validation (DV) option which is used only for providing basic level authentication. These are useful for small websites and blogs. Paid SSL certificates, on the other hand, offers Organization Validation (OV) and Extended Validation (EV) options which are necessary to protect medium or bigger business websites.

Level of Validation

For free SSL, Certificate Authorities (or CA) do not validate anything besides the identity of the website owner. For paid SSL certificates, a CA must conduct an in-depth verification of the business and the website owner before issuing it.

Validity Period

The validity period for a free SSL certificate only lasts for 30 – 90 days. This means that every 30 – 90 days, you’ll have to renew your certificate. While as paid certificates can be issued for a period of 1 – 2 years.

Support

When it comes to customer support, paid certificates are better as certificate authorities, and SSL resellers are committed to giving support to their customers either by chat, email, or phone call. On the other hand, if you’re having issues with free SSL certificates, you’re going to have to solve it yourself by going through old forum posts.

Warranty

If anything goes wrong with your free SSL certificates, then you’re out of luck, even if the fault lies on the CA’s end. Those who opt for paid certificates, they come with warranties that can pay anywhere between 10 grand to over 1 million.

Benefits of SSL

In this world, there’s no such thing as a perfect security system. For example, if you decided to publish sensitive information on your website without a password, then even having an SSL won’t prevent it from any unauthorized viewing.

However, there are many benefits to having an SSL certified website, especially for small businesses. Among them are:

  • Having your site look more professional as applying for an SSL certificate requires you to be checked by a certificate authority before issuing them.
  • Visitors will be more loyal to your website since they know that their information, such as credit cards or emails, are protected.
  • If you’re selling online, shoppers will check if you have an SSL certificate and are likely to visit if you have one.
  • Visitors are more encouraged to make a purchase using online checkout if you have SSL. Some reputable checkout system might have their own SSL, but it’s best that you have own SSL certificate instead.
  • All of your information will be protected. Whenever you send a promotional code or a voucher to your website’s visitor, SSL protects all of the information that you send and receive.

You might feel like you’re being forced to implement an SSL certificate on your website due to big businesses such as Google. But at the end day, SSL certificate is an important security feature, and it only cost a small price to pay to give your customers and visitors peace of mind whenever they visit your website.

 

Jason Chow is a fan of WordPress, manages and promotes WordPress websites. He reads about news related to internet marketing and startups. You can get in touch with him on social media via Twitter.