https:// - Padlocked and Secure?

About the padlock - what does it mean and why might you want one for your website?

Privacy, or lack of it on the internet and our daily lives, is hotly debated.

Ironically, those very organisations which profit from analysing our online activities are the most vocal in the promotion of techniques to prevent people’s browsing habits from being exposed. Google is actively encouraging the use of SSL across all websites.

This is not the appropriate blog post to investigate or query their motivations - rather we’ll look at the practical use of SSL (the little padlock) in securing your website and making your visitors feel safe.

What is an SSL Certificate?

An SSL Certificate is an electronic means of ensuring that communication both ways between a website and its visitors cannot be read by a third party, or “man in the middle”.

Why do I need an SSL Certificate?

Strictly speaking, you don’t. But if you’re running an e-commerce website and want your customers to enter their credit card details into a form on an insecure web page, then good luck with that!

Also, should a ne’er-do-well be eavesdropping and manage to make away with your customer’s details then you’ll either need deep pockets to pay the penalties, a great team of lawyers, or both.

Even if no financial information is passing between the visitor and the website, maybe the visitor is using free Wi-Fi somewhere at a coffee shop. Maybe the hotspot has been provided by someone with less that good intentions. Maybe one of the other customers is a hacker* monitoring the internet traffic, for sundry nefarious purposes.

Browsers such as Firefox and Chrome will now warn you if you attempt to enter any information into a form on a webpage that is not protected by SSL. They won’t stop you but they will make you stop and think.

Don’t relax too much

Just because a website is SSL secured and appears to do everything properly, that doesn’t mean you can trust them. It only secures communication between the browser and the webserver. It does nothing to ensure that once acquired, data is properly handled.

Google SSL advantage

A good reason for having an SSL certificate “protect” your site is that Google would like you to. And might just reward your site with a better ranking over one which does not have SSL.

How do I get SSL for my site?

Some ISPs make SSL available as part of their hosting plan. Others, including ourselves, can provide you with the necessary at a reasonable cost. Whereas at one time you would have to pay anything from £100 upwards, basic SSL certificates are now available (at the date of writing) for a much more affordable £30 or thereabouts depending on the current exchange rate.

* OK I know the correct term is cracker, but realistically I fear we’ve lost the argument on that one.