Why Your Website Needs SSL And How To Install It On Your Website
When the Internet was first conceived, nobody thought that it would become so big. These days, the Internet is the lifeblood of business. People go online to find information, to make financial transactions, and a lot of other things. In short, a lot of sensitive information is exchanged between a website and the web browser of visitors.
The rules that govern Internet traffic do not, by default, encrypt the transmission between a web browser and the web server. Without encryption, anyone can use a sniffing tool to get access to be data being transmitted between a website and the web browser and read it.
SSL stands for Secure Sockets Layer. By installing an SSL certificate on your website, you can encrypt the data transmitted between the web server and web clients. In this manner, the data transmission remains secure, and nobody can read the data being transmitted.
Benefits of installing an SSL certificate on your website
As mentioned above, the biggest benefit of installing an SSL certificate on your website is that it secures the transmission between your website and browsers used by visitors. By encrypting the data with the help of SSL certificate, you can protect sensitive data from hackers and identity thieves.
By installing an SSL certificate, you also ensure that your website is seen as a trusted website by visitors. When you install an SSL certificate, you are also given a trust seal by the SSL providers. This trust seal helps in enhancing trust in the eyes of visitors.
A website with an SSL certificate will display a padlock icon in the browser which is seen as a sign of trust. It also protects your visitors against phishing attacks. Using HTTPS on your website makes it extremely difficult for cyber criminals to impersonate your website which protects your visitors from phishing attacks.
Google, the biggest and most popular search engine, announced in 2014 that it would give higher rankings to secure websites in the search results. In other words, installing an SSL certificate on your website will give it a push up the search rankings provided all the other factors remain same.
If you run an online store or collect any sensitive information on your website, you need to install SSL today. The Chrome browser from Google will start displaying “not-secure’ notice for websites if any sensitive information is collected on a website without an SSL certificate.
Also, the current PCI banking standards need all credit card transactions to be done on a secure website which means if you want to collect payments on your website, you need to install an SSL certificate.
How to Install SSL on Your Website?
Installing SSL is a technical process but most of the popular web hosting control panels make it extremely easy for anyone to install an SSL certificate. Here is everything you need to know about installing an SSL certificate.
You should know that there are three different types of SSL certificates. The basics are the same for all kinds of SSL certificates as all these three types encrypt the information. The difference between these three is the amount of information that is required by the SSL provider for validating the owner.
These three types of SSL certificates are domain validation certificate (DV), organization validation certificate (OV) and extended validation certificate (EV). For domain validation certificate, the SSL provider only checks whether the owner has the authority to use a specific domain name.
The organization validation certificate requires a bit more paperwork as the SSL provider conducts some vetting of the organization. The extended validation certificate is given after a comprehensive vetting of the organization. It’s also important to mention here that the SSL certificate is issued for the main domain but if you want SSL certificate for all the subdomains as well, there is a wildcard version that includes unlimited subdomains.
The SSL certificates are issued on an annual basis and have to be renewed each year. It works similar to domain renewal.
As far as the cost is concerned, certain organizations provide the domain validation certificate for free. You can also get DV SSL certificate from your domain registrar at an extremely low price. However, for organization validation certificate and extended validation certificate, you will have to pay a far higher price.
In most cases, the domain validation SSL certificate should suffice in case you are not doing any banking transactions or collecting credit card information on your website.
To install SSL certificate, you will first need to generate a certificate signing request (CSR) from your web hosting control panel. The CSR contains the domain as well as your company information.
You will need to buy an SSL certificate from an SSL provider. As mentioned above, there are several providers of SSL certificate, and you are free to choose anyone.
Next step is to upload the CSR file to the SSL provider admin panel to generate certificates for your server. You will also need to provide an email for creating the certificate as your primary certificate will be sent to this email address.
This SSL certificate then needs to be uploaded to your web server. After uploading the certificate, you will need to install it. Once the installation is done, the server will restart.
Most hosts provide simpler methods to secure a website in their administrator dashboards. It’s impossible to cover every different host here but a few a very common.
If your host has integrated Let’s Encrypt you can secure your website very easily. It comes down to a few clicks. So please check your hosting dashboard and see if there is a button for Let’s encrypt.
After you go through the short process, you are all set.
If you face any problems with any of these steps, your web host should be able to help you.
Once the certificate is installed, it’s time to test all the pages on your website with the HTTPS version. If everything works as it should, you should be able to access your website with HTTPS. However, you are not done yet.
Your website now has two different versions, one with HTTP and the other with HTTPS. You need to redirect all the HTTP URLs on your website to the new address beginning with HTTPS. There are several code snippets available online that can be used for this purpose. It is recommended to use mod rewrite function to redirect all the pages to the new HTTPS URLs. Mod rewrite will help you make these changes at the server level, and you won’t have to make the redirect on every single page.
Setting Up WordPress
You will also need to re-validate the domain in Google Search Console. You can easily do this by adding the HTTPS versions as properties.
You want to end up with 4 versions of your website: with and without www, with and without HTTPS.
Test Your Website
After you have everything setup, open your site in an incognito browser window and see if you get the green lock. [insert image of lock]. Browse the most important pages and see if they are displayed as secure. If everything is right, congratulations you are done. However, most often I find that I get the mixed content warning
This doesn’t mean you did anything wrong. It’s commonly caused by image links that still point to the HTTP version or external content from non-SSL sources.
Use your browser tools to find out which are the non-secure items. On Google Chrome you can find it at: more tools -> developer tools -> security
On Mozilla Firefox it’s at: developer -> inspector -> console
This is everything you need to do to install the SSL certificate. The exact steps may differ depending on the kind of server you are using, but the basic steps remain the same.
Overall, buying and installing an SSL certificate is not that difficult. There are a lot of advantages of installing an SSL certificate as outline above.
So, make your website secure by installing SSL on your website and help in making the web secure.