Why every website needs a certificate: TLS, SSL, and the “not secure”

Here’s the short answer: YES! You need to secure your website. Here’s why…

Encryption

This is the most obvious reason. By using a security certificate, all traffic becomes encrypted. In other words, any data can only be seen by the customer and the server. Malicious eavesdroppers in the middle can only see where the traffic is headed and not the content.

It should go without saying, but if your site collects any kind of customer information you don’t have an option. Stop reading and go get a certificate immediately. Not taking the time to protect your users is not being a rebel — it’s grossly negligent and a betrayal of your customers’ trust.

Even those that do not collect sensitive information should consider locking down their site,  however.

SEO Optimization

Search Engine Optimization (or SEO) is a fancy marketing word for how well you rank on search engines such as Google. The exact details search engines use to rank sites is kept a secret, but search giants will share the occasional tip. Google has publicly announced that secure sites would be given a slight advantage.

Google Chrome’s “Not Secure” Warning

Can you tell Google is really trying to push an agenda here? As of January 2019, Chrome shows a warning on all sites that are not encrypted. This has absolutely no affect on how the site functions, but it may confuse users.

Okay, I’m on board, how do I make my site secure?

That depends. If you’re technically inclined, combine a Let’s Encrypt certificate with an NGINX reverse proxy.

For everyone else, all the common web hosts have packages for this (usually about $100/year). Talk to your hosting provider.

Certificate, TLS, SSL, HTTPS — WTF?

These terms are really all saying the same thing. To secure your site, you need a digitally signed TLS Certificate. Once it’s enabled and your site properly configured, your address will update from “http” to “https” short for HyperText Transport Protocol Secure.

Finally, that leaves us with SSL. Notice I mentioned you need a TLS certificate. That’s an acronym for the method of encryption the certificate uses. Long ago they used SSL, today they use TLS — but many marketing sites still use the terms interchangeably. This is technically incorrect, but welcome to the field of computer science. 🤷

Are you considering upgrading your site? Leave your questions below!