SSL explained

SSL and Website Security

A website with an SSL certificate configured for its domain has an address that starts with https rather than http, signifying that it uses SSL. If SSL is properly configured, you might also see a small closed-padlock symbol.

But what does this actually mean?

There is some confusion around what exactly an SSL (Secure Sockets Layer) certificate does for your website.

SSL is a method of providing secure communication between a person's web browser on their client computer/phone/tablet and the web server where the website lives. This means that the two can use encryption in their communications (sending data back and forth to each other).

This is great and provides an added layer of security to web-based transactions, but it does NOT mean the website is inherently secure in itself or less likely to be hacked into, hijacked, etc. for malicious purposes. In other words, SSL is not a catch-all for a secure website. It only relates to the communication between you and the website, not the security of the website itself.

The most common use of SSL certificates is on eCommerce sites, since these usually need to handle sensitive data between client and server when processing transactions. However, any sites handling sensitive data should also properly use an SSL certificate.

So, in summary, SSL will:

1. Protect communications between the client and the server from eavesdropping.
2. Provide the client browser with assurances about the server’s identity.
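
The two guarantees above are separate settings on the client side. The following is an added example, not part of the original article, that uses Python's standard ssl module to compare a strict client configuration with one that still encrypts but never checks who the server is. The function names strict_client_context, unverified_client_context and audit_client_context are illustrative assumptions.

```python
import ssl


def strict_client_context() -> ssl.SSLContext:
    """Client settings that give both guarantees: encryption and server identity."""
    ctx = ssl.create_default_context()            # trusts the system's certificate authorities
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy SSL/TLS protocol versions
    return ctx


def unverified_client_context() -> ssl.SSLContext:
    """Weak settings: traffic is still encrypted, but the server is never identified."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # has to be turned off before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE  # accept any certificate, including a forged one
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> list:
    """Return a list of findings; an empty list means both guarantees are enforced."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not verified: any certificate is accepted")
    if not ctx.check_hostname:
        findings.append("hostname not checked: a certificate for another site would pass")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings


if __name__ == "__main__":
    contexts = {
        "strict": strict_client_context(),
        "unverified": unverified_client_context(),
    }
    for name, ctx in contexts.items():
        findings = audit_client_context(ctx)
        print(name, "->", findings if findings else "encryption and identity both enforced")
```

A client using the unverified settings still negotiates an encrypted connection, so point 1 alone says nothing about whether point 2 holds.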

What SSL is not
It is not something that will make your website / web application more secure in itself. Using HTTPS communications will not protect you against improperly coded Web applications, SQL injection, cross-site scripting, denial-of-service (DoS) attacks or any other Web threats or vulnerabilities in your website.

Getting SSL for your website
This is fairly easily done these days. There are sometimes some small costs associated with an SSL certificate but some hosting providers will provide one for free.