Why is securing websites important?
Every visit you make to a website where the address starts with http:// the information that your browser sends to the web server and receives is in clear open text for anyone to read. So for instance, if you log into your WordPress admin panel, your username and password are transmitted across the internet in clear text that could be read. Then it’s entirely possible for the person watching the web traffic to access your website with the details they grabbed and do anything they want.
Secure is Happening
Well, the trend has been moving towards making the entire web more secure and the number of websites changing from HTTP to HTTPS over the last few years is astonishing.
My major clients have all been using HTTPS for the last five or more years but it’s not been until recently that the cost has come down so even small businesses could think about moving to SSL.
SSL (Secure Sockets Layer) certificates are used to encrypt any traffic between the web server where your website is hosted and your visitors’ browsers.
Even just a few years ago SSL certificate was a major expense and most people just didn’t want to shell out the money for something they didn’t think they needed. The thought used to be if you have a website that’s basically just a brochure for your company and you don’t take credit card details then why should it be secure! Well, users expectations are changing to the point they are starting to notice when even so-called brochure websites are not secure. They want security on everything and who can blame them.
Costs have been dropping for SSL certificate to the point now that LetsEncrypt offers them for FREE.
Website SEO & Google
Google has been telling us since 2014 that setting up SSL on your website is important, and it’s being used as a ranking factor in their SERP’s. Its one of the three key things they look for on any website as they want peoples’ experiences to be fast and secure on any device.
- 1. Fast Loading
- 2. Secure
- 3. Mobile Responsive
What is LetsEncrypt
Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).
The key principles from the letsencrypt.org website.
- Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
- Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
- Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
- Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
- Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
- Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
How Do I Set Up an SSL Certificate?
Well, it depends on what platform you are hosting your website on. They are all slightly different but essentially they all follow the same simple principle of generating ‘Certificate Signing Request’ from your web server,
obtaining a trusted certificate, installing the certificate then testing your website to make sure its all still happy. Then the only thing you need to worry about is renewing it to keep it fresh and up to date.
Next, I am going to write about my experience setting up SSL certificates on my Windows server using both ‘Certify’
super easy to use GUI and ‘Windows ACME Simple (WACS)’ a command prompt implementation.
Keep it secure…