The Whats and Whys of SSL

Unsure of whether or not SSL for your website is worth the price?

It is apparent that SSL (Secure Socket Layers) internet protocol is becoming a requirement for most websites. First of all it is definitely worth pursuing an SSL certificate if you can get one for free from your hosting provider. There are several projects that are offering it for free to some hosting providers. It seems like good incentive to change hosts, if you aren't all that satisfied with your current plan and they don't offer one. For most paid SSL certs it is not exactly cheap (especially if you are a small business / organization).

Reasons to pursue an SSL certificate

Hackers and Identity Thievery

Many people have experienced a hacked email account or locked screen due to malware. This is why web browsers are now adding warnings to forms that are setup to be submitted insecurely over HTTP. The reason that http connections are insecure is mostly due to mobile and wireless connections being vulnerable to packet sniffers, which could in turn see your data in plain text and would easily be extracted from your form submission if intercepted. Also, packets heading towards the web browser from the server could be altered to have malware. That would certainly make visitors not want to return! The concern is less worrisome if you are browsing on a wired connection, but there are still some possible security threats. So to maximize your visitors return / conversion rates, by making them feel comfortable, HTTPS connections are highly recommended!

Google Search and APIs

Google has started to consider your connection type as a ranking factor, and many of their API's which increase user engagement and retention also count on HTTPS to keep them from being blamed for a hack / attack. At the moment, HTTPS is a small factor (considered a tie breaker), but it may make sense to switch now even if you do not take advantage of their APIs. Who knows what hack will come out next? Google wants to serve the best results possible, secure connections may become of higher value in the future. Another advantage of using HTTPS, is that Google will index your progressive web app if you are properly using a secure connection. SSL opens up many possibilities such as being able to send notifications to the desktop or mobile device, user signins using Google or Facebook ids etc.

Speed

The long awaited HTTP2 protocol, which requires a secure connection is here (if your host supports it), which will in turn benefit loading speed. HTTPS used over the original specification requires some extra round trips (hand shakes) and therefore will not be as fast as a regular HTTP (insecure) connection. But when HTTP2 is employed, the benefits will be great, especially for larger pages with many requests. One of the optimizations is that more connections to your server will be allowed, making many current complicated optimization processes no longer as necessary. CDN's (Content Delivery Networks) will still provide some benefit in most cases. But the speed improvement will be less dramatic if your users are already close to your server or you already have a distributed server setup. Image spriting and script combination may even be slower on an HTTP2 connection. Less pre-processing and simpler coding is a great benefit of the new protocol.

Types of Secure Connections Available

Self Signed Certificate

Probably not the ideal solution, but if you do not care about the Google ranking boost, it might be helpful. There are ways to fake certificates, so it is best to choose one from an authoritative provider.

Free SSL

There are some free certificates available which are considered to be safe by Google and users, and are certainly recommended as the most cost efficient solution to securing your website and customer / visitor data.

Paid/Upgraded - SSL/TLS

If your hosting provider doesn't support any free SSL projects (currently many don't), you should be able to purchase one through them or a 3rd party (and have them install it for you), if not, I'd recommend getting a new hosting service! If you want to show your customers that you really care about security because they are buying from your website or are providing sensitive information, you might want to consider buying a higher grade SSL/TLS certificate, which uses a higher bit encryption standard for the ultimate in security. Most browsers will display a slightly different "Locked Icon" and provide details about the strength.

Conclusion

All in all, it is highly recommended to start working towards the upgrade to SSL (Secure Socket Layers) aka for the latest version of SSL (HTTPS); TLS (Transport Layer Security). Speed, user satifaction and even Google ranking can be affected in a good way (if implemented correctly).

 
See Security Category | SEO Category | Created: 2017-06-26 13:03:33

Subscribe!

Stay informed about the latest in web technology!