If you look at the address bar in your browser you’ll see that my website is now showing Secure with a green lock symbol and that the address starts with https. This means that SSL website encryption is enabled and working.
What is SSL?
SSL is a standard security protocol that is used to encrypt and secure data transmitted between your web-browser and a website. It’s important to check for SSL on websites where you may transmit sensitive data, such on as e-commerce or banking websites, in order to prevent hackers from intercepting data such as credit card or account login information.
My website host recently deployed AutoSSL, which is a service that has allowed me to quickly and easily implement encryption using a free SSL certificate. You usually have to pay for an SSL certificate through GoDaddy or some other SSL certificate authority, but this free SSL option provides many of the same benefits as a paid certificate.
There are a few key difference compared with a standard SSL certificate. For instance they are only valid for a short period of time and only include Domain Control Validation (DCV), which proves ownership of the domain. Paid-for certs can provide high levels of trust that prove the certificate was requested by an actual company. For many websites though, including mine, this isn’t needed.
Once I setup SSL encryption, I tested it using Qualy SSL Labs SSL Server Test (https://www.ssllabs.com/ssltest), which performs a free online analysis of SSL services. Below are the results.
As you can see, my site is using a 256-bit certificate issued by cPanel, Inc. In addition to SSL certificates, cPanel provides the control panel website management software my website and many other websites utilize.
There has been a big push to secure more websites on the Internet using SSL. Besides AutoSSL, such are other free SSL services such those provided by LetsEncrypt.org. They are sponsored by Mozilla, Google, Cisco and other major companies. Their goal is to provide free, automatic, open-source encryption for everyone. You can find out more information by going to letsencrypt.org.
Why you should use SSL on all websites:
There are many reasons to secure all websites, even if it isn’t used to transmit sensitive data.
- Google Chrome, as of version 62, has started flagging all websites that accept text input as insecure.
- Google gives better page ranking for websites that are SSL secured.
- By not providing SSL encryption, you can expose users to man-in-the middle attacks where ads, downloads or malicious code is injected into your website requests.
- Cyber criminals may be able to gather information on you, such as what websites you are surfing, by collecting web browsing data from you as you surf web pages.
With easy and free SSL options now available, its becoming easier than ever to provide website encryption. If you have a website, even if it isn’t used to transmit sensitive data, I encourage you to check with your web host to see if AutoSSL or LetsEncrypt are options.