Ready to Start Your Career?
January 24, 2019
Website Security with SSL
January 24, 2019
If you look at the address bar in your browser you’ll see that my website is now showing Secure, with a green lock symbol, and that the address starts with https. This means that SSL website encryption is enabled and working.What is SSL?Secure Sockets Layer is a standard security protocol that is used to encrypt and secure data transmitted between your web browser and a website. It’s important to check for secure sockets on websites where you may transmit sensitive data, such on as e-commerce or banking websites, in order to prevent hackers from intercepting data such as credit card or account login information.AutoSSL Overview:My website host recently deployed AutoSSL, which is a service that has allowed me to quickly and easily implement encryption using a free Secure Sockets Layer certificate. You usually have to pay for an SSL certificate through GoDaddy or some other SSL certificate authority, but this free SSL option provides many of the same benefits as a paid certificate.There are a few key difference compared with a standard secure sockets layer certificate. For instance they are only valid for a short period of time and only include Domain Control Validation (DCV), which proves ownership of the domain. Paid-for certs can provide high levels of trust that prove the certificate was requested by an actual company. For many websites though, including mine, this isn’t needed.Once I setup SSL encryption, I tested it using Qualy SSL-Labs' SSL Server Test (https://www.ssllabs.com/ssltest), which performs a free online analysis of secure sockets layer services. Below are the results.As you can see, my site is using a 256-bit certificate issued by cPanel, Inc. In addition to the certificates, cPanel provides the control panel website management software my website and many other websites utilize.There has been a big push to secure more websites on the Internet using SSL. Besides AutoSSL, such are other free services such as those provided by LetsEncrypt.org. They are sponsored by Mozilla, Google, Cisco, and other major companies. Their goal is to provide free, automatic, open-source encryption for everyone. You can find out more information by going to letsencrypt.org.Why you should use SSL on all websites:There are many reasons to secure all websites, even if it isn’t used to transmit sensitive data.
- Google Chrome, as of version 62, has started flagging all websites that accept text input as insecure.
- Google gives better page ranking for websites that are SSL secured.
- By not providing SSL encryption, you can expose users to man-in-the-middle attacks where ads, downloads or malicious code is injected into your website requests.
- Cybercriminals may be able to gather information on you, such as what websites you are surfing, by collecting web browsing data from you as you surf web pages.