There’s a lot of web security advice out there. They go over paid services that’ll do all manner of things to repel cyber-attackers. Some are a good idea, some are mere security theater.
What needs to be stressed, above all else, is the importance of SSL.
Secure Socket Layer
You see that “https” at the start of the URL? That’s how you know the site you are currently on has an SSL Certificate.
When you see that, it means the communication sent between you and the site can’t be read or meddled with by anyone in between.
Without that assurance, you almost might as well have no security at all. “Hackers,” if we want to be generous about the level of skill required here, can intercept anything you put into the site, and they can replace anything the site sends out.
Are there any sites that don’t need SSL?
Yes. Any site you don’t actually care about.
Though that would beg the question, why do you have it at all?
Not having any sort of input, forms, controls or Javascript can certainly help, but even if your site is plainest of the janest, you still have no assurance that the info you put on your site is what your users will see.
And let me assure you, your site inadvertently becoming X-rated isn’t even close to the worst-case scenario.
But SSL certificates cost money!
Well, they do if you ask scammy, scummy webhosts looking to profit off code they’ve already written.
And if you’re with such a webhost, move.
Or at the very least, don’t reward them. There are plenty of sources of free SSL certificates out there. Just google “free SSL certificates” and you’ll find quite a few legitimate organizations just handing them out.
And if you’re feeling any sympathy for your webhost, rest assured there are already plenty of other places where they can and will nickel and dime you anyway.
Because the reality is that SSL isn’t really an option anymore
And anyone selling it like some luxury commodity isn’t being straight with you. They’re selling you the house without the windows.
- Search engines either won’t list your site, or will significantly hinder your ranking.
- Browsers will show your visitors a variety of warnings, possibly including a full-page warning to turn around and leave.
- And lest you think this is Google just being a bully, the reality is your users are vulnerable on your site. Hackers can deliver anything to your users, including harmful code.
So, if you don’t have one, get an SSL certificate now. It’s the absolute least you can do for your site.
Tips
- Not sure if you have SSL already? Change your URL from “http” to “https.” If its a valid, secure URL, you just need to force https.
- (I prefer to do this via .htaccess, but be warned, it’s a highly technical file. Be prepared for some hiccups.)
- Installing SSL yourself? While this isn’t particularly complicated, it can be daunting for a first-timer. I’d recommend watching/reading some tutorials on Youtube/Google to get an idea of the steps involved.
- (And worst case scenario, you can try requesting help from your webhost. The marketing team might say ‘no,’ but technicians might not care.)
- Don’t stop here. This is just the bare minimum. There are many more steps you can take to deter, if not stop, malicious third-parties.