A Beginner’s Mini-Guide to Getting Your Site Secure with SSL
Is this just another bill?
Does site security matter? You have done all the heavy lifting to get a functional and aesthetic website up and running to aptly represent you and your business. You likely pay for hosting, a premium domain, and maybe some other extras. You may have noticed your hosting provider offering SSL certificates for $X/year and some sites showing as ‘secure’ with HTTPS while others give you a warning when you land with the regular “HTTP”. So what is web security all about and what level of security should you really be investing in?
What is SSL and HTTPS?
The reality is that there is a growing need for security on the web, and all signs point to this need only increasing. As of July 2018, the world’s leading web browser Google Chrome is marking all HTTP sites as “not secure” as part of their commitment to a future with 100% secure websites. In fact, it is considered standard practice to have an HTTPS-secured site.
So, what exactly distinguishes a ‘secure’ site from a ‘not secure’ one? A secure site is designated by “HTTPS” before the URL, with the S standing for secure. An SSL certificate is the technology that allows your site to be secure: it encrypts, or scrambles, any information passed between your website and servers so that intruders/hackers cannot access or manipulate it.
So, why should I care about SSL and HTTPS?
It boils down to 3 key reasons: safety, user trust and website performance. Let’s dig into each of these a bit more:
1. SAFETY: Cybercrime is real and does not only affect the Ticketmasters of this world. In fact, according to web security authority Symantec, 31% of all cyberattacks are aimed at small and medium businesses (SMBs) with 250 employees or fewer. And the average cyberattack is so devastating financially that 60% of SMBs hit by a cyberattack go out of business in the next six months. Smaller operations like yours are the most vulnerable, and it does not cost very much to protect yourself and offset the whopping $11M annual average cost of cyberattacks per organization.
2. USER TRUST: Additionally, there’s brand safety in the form of user trust; you want to be perceived as legitimate despite your size and a simple ‘secure’ and padlock symbol in green can go a long way. With data privacy becoming more and more topical with the rise of social media giants and subsequent government policies, people are becoming more educated and cautious about the safety of the websites they frequent and trust. Without HTTPS encryption, personal information ranging from emails, passwords, credit card information, and Social Security numbers can be intercepted and manipulated by intruders or hackers. Even if your website holds none of this information, intruders can use your unprotected connection to inject malware or ads on a user’s network.
3. WEBSITE PERFORMANCE: Over four years ago, Google announced it would start considering a website’s secure status as part of its organic search ranking algorithm, meaning your website’s security has an impact on most of the non-paid traffic that drives to your website and the end users that justify its very existence. Given this year’s change, it would be safe to assume this might become more important in the future. Furthermore, if your website supports any sort of purchase, Symantec studies have shown that Symantec SSL-secured ecommerce sites have 17% higher conversion rates than those that are not, meaning site security can also contribute to your bottom line.
How can I check if my site is secure?
This is quite easy thanks to the transparency of SSL certificates.
Below is what a secure website looks like in Chrome’s URL bar:
Unfortunately, Chrome does not provide a lot of information on whether you get the information symbol or the red warning symbol if your website is still on HTTP.
You can also check your website’s security status by using websites like HubSpot or CASecurity, although it should be fairly obvious when visiting your website.
OK, so how can I get secure without breaking the bank or learning to code?
If you aren’t already secure, keep reading to do this easily today. This very website is secured by Let’s Encrypt, which is the cheapest (try: free) recognized SSL certificate. It is the most basic trust level, meaning it only verifies your domain; you will see this designated as domain validated, or DV. Let’s Encrypt comes built in with a lot of web hosting services and WordPress sites too.
The first thing you should do is go to your hosting provider and look for what SSL options they offer. If your website is purely informational - as my website is - a solution like Let’s Encrypt should do the trick.
If your website is transactional, you may need something beyond DV such as organization validation (OV) where the business name is listed in the certificate (visible only from clicking into it) or extended validation (EV), visible in the browser bar in green. For an SMB, OV should be enough and is much more cost efficient. There are options for single domain, subdomains or multi-domain for all these different levels of SSL certificates.
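One way to check a certificate yourself and see which level it is, as an added example that is not part of the original guide. The function names and the sample certificates are constructed for illustration, and guessing DV/OV/EV from the subject fields is a heuristic assumed here, not an official test.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

def _flatten(name):
    """Turn getpeercert()'s nested ((key, value),) tuples into a dict."""
    return {key: value for rdn in name for key, value in rdn}

def validation_level(cert):
    """Heuristic (assumption of this example): guess DV/OV/EV from subject fields."""
    subject = _flatten(cert.get("subject", ()))
    if "businessCategory" in subject and "serialNumber" in subject:
        return "EV"  # EV subjects carry business registration details
    if "organizationName" in subject:
        return "OV"  # the business name is listed in the certificate
    return "DV"      # only the domain was verified

def days_left(cert, now=None):
    """Whole days until the certificate's notAfter date."""
    now = now or datetime.now(timezone.utc)
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return (datetime.fromtimestamp(expires, timezone.utc) - now).days

def summarize(cert, now=None):
    issuer = _flatten(cert.get("issuer", ()))
    return {"level": validation_level(cert),
            "issuer": issuer.get("organizationName", issuer.get("commonName")),
            "days_left": days_left(cert, now)}

def fetch_cert(host, port=443, timeout=5):
    """Connect the way a browser does (chain and hostname verified); return the cert."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificates in getpeercert() format (not real sites).
_ISSUER = ((("organizationName", "Example CA"),), (("commonName", "Example CA R1"),))
DV_SAMPLE = {"subject": ((("commonName", "blog.example.com"),),),
             "issuer": _ISSUER, "notAfter": "Mar 31 00:00:00 2030 GMT"}
OV_SAMPLE = {"subject": ((("organizationName", "Example Shop Ltd"),),
                         (("commonName", "shop.example.com"),)),
             "issuer": _ISSUER, "notAfter": "Mar 31 00:00:00 2030 GMT"}
EV_SAMPLE = {"subject": ((("businessCategory", "Private Organization"),),
                         (("serialNumber", "0000000"),),
                         (("organizationName", "Example Bank Inc"),),
                         (("commonName", "bank.example.com"),)),
             "issuer": _ISSUER, "notAfter": "Mar 31 00:00:00 2030 GMT"}

if __name__ == "__main__":
    # Pass a hostname to check a live site; with no argument the DV sample is used.
    print(summarize(fetch_cert(sys.argv[1]) if len(sys.argv) > 1 else DV_SAMPLE))
```

If the connection fails with a certificate verification error, the site's certificate is expired, mismatched or untrusted, which is the same condition that triggers a browser warning.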
If you don’t have Let’s Encrypt as an easily accessible option from your hosting server or if you require additional security, you have two options:
1. For the tech-savvy: Buy a third-party SSL certificate from aggregator websites like NameCheap.com or directly from Certificate Authorities (CA) like Comodo, GoDaddy or Symantec and implement it yourself via your hosting provider.
2. One-click fix (recommended): Find a provider that includes SSL certificate setup on your behalf or buy from whatever third-party is available for purchase from your hosting provider.
To get an idea of prices from different CA providers, use the table below for reference. Buying 2 years usually offers discounts.
| Certificate Authority (CA) / SSL Provider | Single Domain DV Cost | Single Domain DV Warranty | Single Domain OV Cost | Single Domain OV Warranty | Customer Support included? |
|---|---|---|---|---|---|
| Let’s Encrypt | FREE* | No warranty | No OV offering | N/A | No |
| Comodo | $49-$99.5/year | $10K-$250K | $99.95-$179.95/year | $50K-$250K | Yes |
| GoDaddy | $69.99/year | $100K | $98.99/year | $250K | Yes |
| Symantec | $399/year | $1.5M | $995/year | $1.5M | Yes |
| GeoTrust | $149/year | $500K | $199/year | $1.25M | Yes |
| RapidSSL | $59/year | $10K | N/A | N/A | Yes |
| Thawte | $149/year | $500K | $199/year | $1.25M | Yes |
| GlobalSign | $249/year | $10K | $349/year | $1.25M | Yes |
Just like car insurance, even if you’re a great driver and the likelihood of getting hit by a truck is low, you are better off safe than sorry. Happy SSL shopping!