Open Chrome. Or Firefox. Or Opera, Safari, Brave, or whatever browser you normally use. Type in the address of your own website and hit the return key. If yours is a secure website, a little green padlock icon appears next to the address bar.
If yours is an unsecure website, you get a red padlock. Or a big red X. Or a text warning that says something along the lines of “not secure.”
So, what does it matter whether you have a secure website? It matters a whole lot. People tend to steer clear of sites flying the red padlock flag.
Fewer visitors mean fewer opportunities to get conversions. Fewer conversions mean fewer smiles from your stakeholders when you share your website’s performance statistics.
You want more conversions, right? But a secure website gets you more than just conversions. Other good stuff:
- A secure website ranks higher in Google search;
- Hackers hate secure websites (makes it vastly harder to steal customer data);
- You demonstrate good Internet citizenship (a secure website shows you care about your visitors' safety);
- You comply with laws like GDPR.
Here at Valet, we always encourage you to strive for a secure website. In fact, we insist on it.
Basic Part of Website Health
Recall that Team Valet talks a lot about website security in our blog. We consider security the foundational tier of our five-level hierarchy for site wellness (for a quick overview, please read this post about website health).
Accordingly, we make sure that every Valet client’s website comports with the communications protocol known as HTTPS. That stands for HyperText Transfer Protocol Secure.
This protocol debuted in 1994. But for a long time afterward, most websites used the unsecured version—HTTP (no “s” at the end).
The problem with plain old HTTP: the hacking of transmitted data is much easier.
For example, say someone visited your site via a public network at a coffee shop or airport lounge. Well, you know the dangers of that. Private data given to you by that visitor is easily intercepted by anyone monitoring your communication.
The HTTPS protocol solves this problem.
As such, anyone who manages to hack in receives only a bunch of useless gobbledygook symbols and characters. (The explanation for that comes in a moment.)
Importantly, this protection applies only to data traveling between your website and your visitors’ computers or mobile devices. Data stored by your website is another matter entirely (the topic of another post on another day).
In other words, HTTPS protects only the transfer of data.
SSL is Key to a Secure Website
However, HTTPS alone lacks the ability to protect data. It needs help from a secure sockets layer, or SSL. (An SSL is sometimes referred to as a transport layer security, or TLS.) What an SSL does is permit your website to transmit encrypted data to and from a visitor’s browser.
But, wait. It gets more complicated. An SSL alone lacks the ability to encrypt data. It needs help from an SSL certificate.
The SSL certificate performs the actual encrypting and also serves as a decryption key shared solely with your site’s visitor.
Sharing this key requires zero effort on your part. Once you install a valid SSL certificate on your website, it’s all hands-off from there.
It works like this. First, an internet user types in your secure website's address. The user’s browser then asks your website to show its SSL certificate. It also asks to see a digitally signed note confirming the certificate’s authenticity.
Your website complies and at the same time attempts to pass along the decryption key. The browser accepts the key if your secure website's certificate appears authentic and trustworthy. OK, you're good on both counts. Encrypted data begins flowing and is converted back into understandable alphanumerics the instant they clear the communications pipeline.
SSL certificates come in three main varieties. Most often encountered: the extended validation certificate. Among other things, it provides validation details, such as the website's ownership and geographic location.
Also frequently seen is the organization validated certificate. It offers much the same kinds of validation details plus a few more, all in greater depth.
Finally, the domain validated certificate. It signifies that the website is legitimate, but keeps the identity and location of its owner a secret.
Easy to Install
Installation of an SSL certificate is a breeze.
But before you install, you must obtain. You can find SSL certificate sellers (known more commonly as certificate authorities) by running a Google search.
Alternatively, your internet provider may offer them as part of your hosting package.
If you prefer not to pay for a certificate, Valet recommends you try either Let's Encrypt or Cloudflare. You can even create your own certificates. But we discourage that because self-signed certificates carry nowhere remotely near the trustworthiness of those you obtain from a third party.
After you procure the certificate, you download it to your secure website’s server. When the download completes, a button appears—click it to install the certificate. Then follow the onscreen instructions to activate it.
And with that, you’re done. Done, that is, until the certificate expires. At that time you’ll need to renew it (certificates typically remain good for anywhere from 90 days to two years).
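To keep an eye on that expiry date, here is an added example (not Valet's own tooling) that performs the browser-style check described earlier, verifying the certificate chain and hostname, and then reports how many days remain before renewal. The 30-day renewal threshold, the function names and the sample certificate for `shop.example` are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_WITHIN_DAYS = 30  # assumed renewal threshold, not a value from the article

# Constructed sample in the shape SSLSocket.getpeercert() returns (a 90-day certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar 31 00:00:00 2024 GMT",
}


def _utc(cert_time):
    """Convert a certificate time string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)


def classify(cert, now, renew_within_days=RENEW_WITHIN_DAYS):
    """Return (status, whole days until notAfter) for a certificate dict."""
    not_before, not_after = _utc(cert["notBefore"]), _utc(cert["notAfter"])
    days_left = (not_after - now).days  # negative once the certificate has expired
    if now < not_before:
        return "not-yet-valid", days_left
    if now >= not_after:
        return "expired", days_left
    if days_left < renew_within_days:
        return "renew-soon", days_left
    return "ok", days_left


def check_site(host, port=443, timeout=5.0):
    """Handshake as a browser would: chain and hostname are verified first."""
    ctx = ssl.create_default_context()  # system trust store, hostname check enabled
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Self-signed, expired or wrong-hostname certificates are rejected here.
        return "untrusted: " + exc.verify_message, None
    return classify(cert, datetime.now(timezone.utc))


if __name__ == "__main__":
    print(classify(SAMPLE_CERT, datetime(2024, 3, 15, tzinfo=timezone.utc)))
```

Run `check_site` against your own hostname from a scheduled job and alert on anything other than `ok`.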
In closing, keep in mind that the internet can be a dangerous place. Hackers live in the shadows. Venus fly trap-style websites lie in wait to snare the unwary and the careless.
So, do your website visitors a favor. Give them peace of mind. Offer them a secure website. Make sure yours is configured for HTTPS, flawlessly runs SSL, and holds valid, trustworthy SSL certificates.
If all this raises in your mind more questions about how to attain and maintain a secure website, then please reach out to us via email. We’re here to help.