There’s been a lot of talk about SSL lately, mostly because next year Google Chrome is going to start showing alerts in the browser on unencrypted sites. But they’ve been pushing for encryption for two years now. It’s been a ranking factor in their search algorithm for two years and now even WordPress is pushing for site encryption for all sites.
But there’s some confusion among what this means, because many people believe that having an SSL on their site means their site is secure. Not so fast! Guess what? Even with an SSL, your site can be hacked. An SSL won’t protect your site from being hacked.
What does an SSL do?
When you look at a website online, you are using your web browser to view a website that is actually stored somewhere else, on another server. To view it, you connect through sometimes many servers to reach that server and view that site. That’s where the phase World Wide Web came from. If a site is not encrypted, then it’s possible that any information you submit on that website could be exploited during transfer from your computer/web browser to the server computer. If you submit a form, then that information could be intercepted. If you buy something with a credit card, then that credit card number could be intercepted. If a website is encrypted, that just encrypts the data as it passes between networks, meaning that your credit card information and your personal data are safe while being transferred between the two machines.
An SSL won’t stop someone from hacking your website.
Here are a few things and SSL doesn’t do:
- It won’t thwart a brute force attack, meaning someone can still attempt to gain entry to your site via password.
- It won’t stop someone from uploading malicious files once they have gained access.
- It won’t stop anyone from gaining access via insecure or outdated plugins or software.
- It won’t stop anyone from hacking into your control panel of your web host.
There’s a false sense of security when you install an SSL, thinking you can never be subject to a hack, and this is simply not true. SSL only encrypts the data in transfer. It won’t stop someone from breaking into your site and once they get in, they can cause all kinds of havoc.
What does this mean for me?
It means you still need to use very strong passwords, keep your software up to date, and use trusted plugins as well as go through all the necessary protocols for securing your site.
If I don’t sell anything, do I need an SSL?
Well, yes and no. Technically, the answer is no. You don’t. However, it IS a ranking factor for Google. Google wants you to encrypt and they are making it more and more important to do. WordPress is pushing for encryption.
There are other benefits too. People are more likely to submit your forms and trust you if you have your site encrypted.
In the end, SSL encryption is good, and I am recommending it to all my clients. But don’t mistake that for website security. Both are important.
Join our list!
Our blog, delivered to your inbox. Never miss a post!