You’re told constantly that you need an SSL certificate, but why and what on earth are they anyway?
SSL is actually short for “Secure Sockets Layer”. It is a digital certificate between an SSL provider (a specialist is certifying security) and the website owners and what it does is establishes that the owners of the website are who they claim to be and that the website connects securely to the browser. What this means is that the content between the server and the browser is served over the https (hypertext transfer protocol secure) and not http. Why is this important? Because we want to be sure that any traffic and submissions between the browser and the server are secure and so less likely to be subject to hacking or other forms of attack.
Why are they used?
Traditionally SSL was used on shopping sites or sites where you might enter and submit sensitive personal information (such as a financial website). You would also see it used it you login to a portal, such as online backing or any sort of ‘account’ or ‘profile’ area. This is because if you are behind authentication (logged in), then that connection needs to be secure to make sure the area you are logged into isn’t just publicly available.
In recent years search engines such as Google have pushed for all sites and all content within them to be served securely, no matter what it is and topped this off by in the summer of 2019 changing their search engine ranking algorithms to penalise anyone who has a site that isn’t served over https. If you use Google and look at a site that isn’t secure they have a “not secure” badge appearing next to it, just to highlight and scare the user into perhaps avoiding it.
Why is it a good thing?
Google actually make a good point. And aside from them penalising you in the rankings if you are not secure, serving all content over https is only beneficial for an end user. For a start it means if you use a contact form it is securely submitted (if the site has been setup to do this – as all Idio sites are, using Amazon SES). This means any information you send, no matter what it is, shouldn’t be available for someone to grab out of the internet air and read – which is theoretically possible if your site is not https. But more widely it just means that the website is less likely to be subject to covert malware attacks which could affect the end user or the site itself.
SSL is a badge to say that someone other than the website owner is certifying that the site is secure and therefore safe to use. That is why all Idio websites have SSL as standard and that we use secure mailing services through Amazon as well.