March 21, 2017
In today’s world everyone uses Internet. Everyone wants to be Secure. But only a few understand the importance of having a Secure version of your website. Adding SSL encryption is one of the ways to protect your website from serious Threats. So the question is “What is SSL? Why do you need SSL? What are the benefits of having an SSL certificate?” I am going to explain why you need an SSL certificate and its advantages. So first of all:
Secure Socket Layer is a security technology used for making the Internet a safer place by providing an end to end encryption to your website. So that the data passed through the network will remain Private.
SSL secures our websites but it’s not SSL actually :p SSL is an obsolete technology and has some vulnerability that can be exploited by several tools. When SSLv2 was released it had some potential threats that made it useless and hack-able. For more on this you can see this answer on Stack Overflow and Drown Attack.
After having known such vulnerabilities the web moved with new technology TLS (Transport Layer Security) but we still refer TLS as SSL or SSL/TLS. So we will also refer TLS as SSL and TLS certificates as SSL certificates in this article.
The main purpose of SSL is to encrypt information so that only browser and the hosting server would know what information is being transferred. Basically any information submitted over internet are transferred through several computers before reaching the destination. A simple Man-In-the-Middle attack can fetch all the information transferred, be it Basic Bio info or Credit Card Info. Default http transfers the data in a plain text format so that anyone in the coffee shop using the same ISP can have all your info.
SSL encrypts all the data in the Transport layer before sending to the Network. So if someone is sniffing your information in between he will rather get a useless encrypted data. 😛
Example: A simple string encrypted in SHA-512 –
Original : Shubham Pandey WordPress Developer
SHA512: f6c0302f9a3f440abae2a96909e56c9cd565d24d915b6d78b1fc21ffbca9e365fbed707a953c81614394055c261da552be869bd22f12f7864081eb063f121f8e
Most of the People who use internet each day and visit E-Commerce websites, know that a green padlock in the Address bar is Good. They don’t know what is the reason for having a padlock and https
in the address bar, but they know that It’s safe to surf your website.
A website with a green-ish lock icon in the address bar is the sign of trust so that the user is more likely to buy something or register with your website. Trust is directly linked with the revenues a website makes, so that it can bring more users to your website. More users: more revenue.
Yes you read it right SEO rankings. I do not know if you know this or not But google says this in its official Blog, HTTPS as a ranking signal. They say “Security is a top priority for Google”. So for sure it boosts up your SEO ranking. But do redirect your non-secure Website to secure one otherwise your ranking will fall (because of the same content on 2 different protocols).
With all these advantages does it have any disadvantages? Yes for sure it has some disadvantages, not any critical one and can be compromised with some software or hardware.
If you are going to encrypt everything before served to the user, that will take more resources and memory on the server. It will only affect you when you are going to scale up everything and have a large number of visiting users. Then you can add extra servers or some load balancing software/hardware to reduce the load.
If you are a normal blogger (like me) means just serving content but want to secure your users from security threats this won’t bother you. Because you can get a FREE! certificate from Let’s Encrypt and install it for free(I will write another blog on “How to install and configure SSL Certificate in Apache Server”).
But if you have a Business Website the E-Commerce stuff and want to be more authentic to your Users, you have to get a Certificate from a CA (Certificate Authority). And then you have to pay some money to the Certifying Authority. But if you are in Business you can afford!!!
SSL is awesome. Change your Website from http
to https
. Cheers!
Trust begins with understanding. Understanding requires transparency.
I’ve posted another blog on Migration to HTTPS from HTTP.