Understanding SSL: what it is, why you need it, and how to set it up

Understanding SSL: what it is, why you need it, and how to set it up

It’s now standard practice for websites to use SSL (or HTTPS). SSL was used primarily for e-commerce sites or sites transmitting sensitive data, but in July of 2018 Google began penalizing standard sites without an SSL certificate.

So what is an SSL certificate and how does it help? Let’s take a look at what it is, why you need it, and how you can set it up if you don’t already have one!

What is SSL?

SSL stands for Secure Sockets Layer. It’s a security protocol that establishes encryption between a website and a browser. In other words, SSL allows a browser and a website to talk without anyone else listening in. The two primary technical goals of SSL are encryption and authentication:

  • Encryption hides sensitive data from public view
  • Authentication confirms to the outside world that you are who you say you are and not an imposter.

When you install an SSL certificate on your website, you’re essentially setting up a private connection, protected from eavesdropping, for your users to send or receive sensitive data on your website. That’s the encryption.

The authentication part acts as a third-party certification that you own your domain and are who you say you are. Browsers display this with a lock next to your website’s URL as well as https:// at the beginning of the URL.

These features give your visitors confidence that the information they share on your website is safe.

Why do you need an SSL certificate?

Google prefers SSL and has historically rewarded sites that use SSL. But now sites that do not use SSL will actually be penalized in Google rankings. That means that every blogger and site owner should have an SSL certificate!

Through encryption and authentication, your SSL certificate protects user data and provides a layer of protection against identity theft. If you’re running credit card transactions on your website, you must be compliant with Payment Card Industry (PCI) Data Security Standards. In order to be PCI-compliant, your site must actively use an SSL certificate and be served on compliant web hosting. (We can set you up with PCI-compliant web hosting, too!)

But protecting your customer’s privacy isn’t limited to the information around credit card payments. SSL encryption covers everything from the email address someone submits to subscribe to your newsletter to the specific pages a reader visits and any comments they post.

How much does it cost?

We offer free basic SSL certificates for Agathon hosting clients. This provides the https:// at the front of the URL as well as a grey lock next to the URL. It also meets all of Google’s requirements.

For e-commerce sites looking for an even higher level of authentication and protection to increase consumer confidence, the Extended Validation, or “green bar,” certificate is available as well through Agathon for $199/year.

How to convert your blog to SSL

To convert your blog to SSL, you will need to order and enable an SSL certificate and then configure WordPress to use SSL everywhere on your site. Agathon hosting includes a basic SSL certificate at no cost, and we’ve created a step-by-step tutorial to walk you through the process. (If you’d prefer to have us do it for you, we can take care of that for $50 per site. 1)


Still have questions? Email support@agathongroup.com so we can help you today!

Understanding SSL: what it is, why you need it, and how to set it up

Morgan Foster

Client Support Manager at Agathon
Morgan is responsible for interacting with and supporting clients at every stage of their relationship with Agathon. He loves people, and his empathy, communication, and humor make him a favorite among our clients.
Morgan Foster

Footnotes

  1. Discount applies to Agathon clients only. Non-Agathon clients pay $150 per site and are subject to availability of the required tools (e.g., Let’s Encrypt).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.