Soon after Google announced that they will give importance to all websites having ssl configured on them, all webmasters started moving their sites to https. In this article, let’s understand the importance of ssl (https) and if we can get free ssl certificate.
What is SSL – TLS and https
SSL or TLS
SSL stands for Secure Sockets Layer. TLS (Transport Layer Security) is just new name for SSL. After SSL 3.0, the updated version came with TLS 1.0; so we can say that SSL3.1 is TLS1.0.
SSL makes sure that the data transmitted between web browser and server remains encrypted.
Https is Hypertext Transfer Protocol Secure. Https is simply Http + SSL. Plain http send the data between web browser and server in plain text, means an intruder can play with the data. And when we use https, then firstly an encrypted channel is established and then the data is transmitted making difficult for any intruder to play with the data. This is how https works.
Types of SSL certificates
1. Domain Validation (DV)
• This is the cheapest of all and is the most widely used.
• The validation is done against the domain registry only and no organizational information is available.
• The validation is automatic and there is no human intervention by any authority.
• DV is considered as the riskiest one since the user is unable to guess that the business on the website is genuine or not.
• The whole validation process does not last more than 2-3 hours; while sometimes few minutes are enough.
• Bloggers and small websites (where you are not doing any online transaction) can go with this.
2. Organization Validation (OV)
• OV is considered as trusted one because the Certificate Authority (CA) verifies the ownership of domain and organization against the business registry database from the government of that country.
• The inspection is done by real human agents.
• The documents are validated and thus, such websites can be trusted by anyone.
• The validation process can take few days to complete.
• OV is being used by small to medium companies.
3. Extended Validation (EV)
• EV is considered as most trusted one.
• The Certificate Authority not only verifies the ownership of organization against registry database but also checks the physical and operational existence of the organization.
• The whole validation process can span to few weeks as well.
• EV is being preferred by big companies such as Paypal, Symantec, Twitter, Facebook etc.
Benefits of Https over Http
Let’s see some of the benefits that you get after you switch your site to TLS.
Improved SEO performance
Google has already announced that websites and blogs on https will see increase in the ranking on search results page. Google is becoming stricter on security of the websites and this factor will obviously, continue to grow in future. All big sites have already taken a move to https and as such, we should also follow the same.
As I mentioned above that if you are not using SSL certificate on your blog then your data is sent over internet in plain text. Suppose you are using wordpress on your blog; then in order to login to your admin dashboard, you have to enter the username and password. To your surprise, those credentials travel in plain text over internet and any good hacker can steal your login credentials. And obviously, no one wants that. Atleast, I cannot tolerate this :).
Increases reputation over internet
With SSL enabled blogs, people see your site as a branded one because not all websites have this certificate enabled. And when they see the green color icon in their browser, they take your blog as secure. And if you are selling something online then it’s obvious that everyone is concerned on their credit card information to remain safe. So with TLS, you induce trust on your visitors and as such, your blog and organization gains a reputation on the internet.
Improved Web surfing experience
For non-TLS enabled websites, browsers show red-alert to users. Also, they generate warnings claiming that if the user wants to continue on that site then he has to surf on his own risk. All these hiccups do not count for good web surfing experience. This is just an annoying thing for them, both for website owner and the visitors. So with secured encrypted https certificate, all this mess gets eliminated.
Better Referral Traffic data in Google Analytics
As per the working functionality of Google Analytics, it blocks the TLS traffic to non-TLS. It means that if you are getting traffic from https website and yours website is not TLS enabled then you will not be able to see that traffic in your referral status. Instead, that traffic will be considered as direct traffic. So, this is another good reason that you should have the secured certificate on your blog.
Advantages and Disadvantages of Https
SSL Certificate Advantages
We have already seen the benefits of SSL TLS certificate above. Let us further dig into some of the technical advantages of this layer.
The sole purpose of this secured certificate and the reason that why it has evolved in this internet world is encryption. Which means that the data transferred from client to server is not the exact text entered by user but it transfers in an encrypted mode. TLS certificate does this purpose and the data traverses on the web in an encrypted form. The original data is converted into some randomized string and even if any intruder catches it, he cannot guess the data with plain eye.
Imagine you have a website which sells something online and the customer buys something from you but you didn’t get the money? Instead, some hacker steals the money.
Will you be happy by this or will just push your head over the wall?
So In order to avoid above scenario, you must have the secured certificate so that the account details of user are properly authenticated and money gets credited to your authentic account only. And user can also purchase anything without any money or data loss.
3. Stops Phishing and Cyber Attacks
You might have seen many-a-times some phishing emails in your email-box asking you to click so and so link. They legitimately take you to their phishing urls and ask you to enter your account details. And when you enter the details, you see that the money has been debited from your account and you just cannot think that what has happened.
They will resemble their site to look like any bank (hdfc/icici etc.) or any website claiming to provide some service/software to users, so that visitors are not able to distinguish between real and fake sites and they end in losing their money.
Now, imagine that you are service provider or your blog sells anything and the phisher is trying this attack with the readers of your blog???
It’s difficult for such phishing sites to get SSL easily. So, if your blog is protected with this secure ssl certificate then your visitors might not be get trapped.
SSL Certificate Disadvantages
Anything comes with a price. So, the same applies on this encrypted certificate. If you are looking to safeguard your blog then you need to pay some money.
Decreased SEO performance
Are you confused with the heading that till now, I have mentioned all the benefits of this encryption and suddenly, I am saying that SEO can degrade your site’s performance? Sounds weird…?
Yes, It can degrade the performance BUT only if proper search engine optimization process is not followed. In the latter case, Google will take the content as duplicate because the same content will be present on http and https versions. So, Google can penalize you and you can see decrease in overall traffic. But don’t worry. There are ways to overcome this. So don’t be scared. 🙂
I don’t see any other disadvantage of ssl. So compared to pros, I would say just go with the free ssl certificate for your blog.
TLS security myths
There are some common myths associated, which we are going to explain below:
• It slows down the page load time.
–> Just do not believe it.
• It is costly and small bloggers like me cannot afford it.
–> Infact, the truth is it is cheap and you can even get that for free. Keep reading to know how you can get free ssl certificate.
• Your blog is cent% safeguarded and nothing to worry as of now.
–> No doubt that this encryption will add a locking layer but again, nothing is 100% safe.
• It is only for big organizations.
–> The truth is that now, Google has clearly said that it is in the process of making the web secure. So whether you are a beginner or a big brand, you have to switch to https.
• If certificate will expire then my blog will stop functioning.
–> Again the truth is that TLS and your blog both are 2 different entities and expired certificate cannot take your site down from internet.
• It will decrease the traffic.
–> If proper SEO is done then it will help in gaining the traffic and you will see steady increase in the number of visitors.
• My site will look as professional and hacker will try to hack it. And since I am a small man, I will screw my ass.
–> I cannot understand why many people are so much worried. No need to worry on this. Infact, you will get an extra defense layer and do you think that hackers are free only for your online identity?
Just don’t listen to above mentioned myths.
Is https mandatory for any blog?
I would say yes, it’s mandatory and at first instinct, you should grab it. We have already seen the number of pros of this defensive layer and when Google is becoming so lenient on it then we don’t have an option to not to purchase it.
How to get ssl certificate free
As I stated above that everything comes with a cost but thanks to few hosting providers who are offering free SSL certificate to you. You just need to signup with them with any of their hosting plans and you can get rid of default http version on your blog.
If you are already on any of the above mentioned hosts then you must be enjoying the free encryption and if no, just talk to their customer support, they will help you. And if you are on any other hosting service then it’s time to switch.
Do I need to change any settings in WordPress after getting free ssl certificate?
There are some settings that you need to do so that all your http traffic gets diverted to https. The good thing is that if you are on wordpress then there’s a handy plugin that does all this for you and another good thing is that that this plugin is free.
Really Simple SSL is the single wordpress plugin that you need to install and it will do all magic for you. It allows you to move your entire blog to TLS with a single click.