5 Powerful Secrets Revealed
By SHARON HENDERSON
In today’s tutorial, I reveal the top 5 reasons why websites must have valid SSL Certificates installed. That is followed by a step-by-step guide to installing the Let’s Encrypt SSL Certificate on your website via cPanel. And the best news – Let’s Encrypt is free! Yes, you heard it right – it will cost you nothing. Nada. Zilch. Which is pretty cool in my book!
Why You Need an SSL Certificate Installed
There are many reasons why a valid SSL Certificate should be installed on your website. Most importantly, for sites that don’t have valid SSL Certificates installed, a warning is displayed next to the url in your browser bar. The screenshot below reproduces the warning shown to all visitors of an insecure site.
Now consider any of the scenarios below:
1. If you’re collecting sensitive information, e.g. via a contact form
People confronted with a warning that it’s unsafe to submit personal information such as their email address via your website are highly unlikely to then go ahead and do so.
2. If you’re providing customer accounts via your website
Once again, a secure site is essential in this situation. Sites with no SSL Certificates are therefore losing out on significant revenue opportunities.
3. If you want to allow any financial transactions to take place on your site.
As a customer I would never enter into any transaction if I knew that my data was being transmitted to a site that wasn’t secure. I certainly wouldn’t be providing credit card details! The same is true for e-commerce stores, where online banking and credit card transactions are required. For these reasons alone, SSL Certificates are a must.
4. Your Ranking with Google/ SEO Ranking
Google and the other search engines penalise sites that don’t have valid SSL Certificates. They downgrading their ranking in search engine results. And no one wants to take a hit when it comes to SEO!
Are You Analysing Your Data?
Some people reading this article might be thinking that an insecure site hasn’t impacted on their business. They might argue that they are still receiving contact form requests, or even experiencing successful sales despite no SSL Certificates on their site. If this is you, then I would invite you to consider this. How many more people are seeing the insecure site warning and clicking away without filling out a contact form, or completing a transaction?
How much business have you lost as a consequence of this one issue? Unless you are actively monitoring your site, you will be completely unaware of how much potential business you have lost. As an aside, if you don’t already have a Facebook Pixel or Google Analytics installed, then you should really do so!
5. Brand Association and Credibility
This is another very important reason why valid SSL Certificates are essential. You want to grow a brand that’s associated with trust, reliability and credibility right? In which case, you don’t want your visitors landing on your website only to be warned that the site is insecure and vulnerable to hackers. Because that’s going to have completely the opposite effect!
For all these reasons, it simply makes no sense not to have valid SSL Certificates installed on your website. And it’s not like it’s expensive to get one – you can install a certificate for free with Let’s Encrypt!
A Personal Tale
I remember landing on a Locksmith’s website, where there was displayed for all to see, a big red warning that the site was insecure. For a business that provides security solutions for its customers, the irony was not lost on me! This very same business expected people to provide personal information on contact forms that could very well be stolen by hackers.
There were also a number of financial institutions in the same situation. Indeed, I discovered a whole raft of them with insecure sites! I actually contacted one such financial firm. I asked them if they were aware that their site had no SSL Certificate installed.
They had no idea that their visitors were being met with a warning that their information was not safe. Understandably, the business owner was horrified.
Below is a screenshot of the warning every visitor is shown when they land on a site that’s not secure:
SSL Certificates – The Options
There are a number of options available to you when it comes to installing an SSL Certificate on your website.
Let’s Encrypt is the most commonly implemented solution when it comes to installing an SSL Certificate. That’s because Let’s Encrypt” is an open source Certification Authority.
Let’s Encrypt is compatible with all the major sources of traffic. The only platforms that it’s not compatible with are the likes of Blackberry and a few others. But that shouldn’t be of concern to most. Also, because Let’s Encrypt is free, you’re not paying for customer support or any form of warranty. This is a potential con but I, personally, have had no problems with using Let’s Encrypt. The only issue I have ever experienced related to the existence of mixed content on the website. But that generally occurs, and needs resolving at the website level.
Comodo SSL is an alternative form of SSL Certification. Some perceive Comodo to be superior and to provide greater protection. That’s because it’s not an open source Certification Authority. That said I, personally, think Let’s Encrypt is absolutely fine.
When Comodo May Be Preferable
Because Comodo is a commercially certificated form of SSL, it attracts greater kudos than its open source counterpart. It’s a better choice if you require SSL to operate on less mainstream platforms like Blackberry. It is also preferable if you’re looking for 24/7 live chat customer support, and a warranty. That said, if you’re with a reputable host company, they should be able to help you with any issues you may have.
Comodo Comes Free with My Cloud Hosting Plans
If you did require Comodo, then it actually comes as standard with my agency’s hosting plan – at no additional charge! If this is of interest to you, get in touch. You will pay no more than you would for your average shared hosting plan. And, cloud-based hosting is a lot more secure and a lot faster.
How to Install an SSL certificate
You will be pleasantly surprised how quick and easy the process actually is. For the purposes of this tutorial, I’m going to use SiteGround. This is simply because my preferred hosting company has SSL set up automatically at server level. So, it’s not ideal for the purposes of this demonstration.
Accessing Website Files
cPanel -v- non-cPanel Access
I have mentioned in previous tutorials that I used to be with Cloudways, which is a cloud-based hosting company. They were great, and their technology was high quality. The resulted was fast back-end and front-end performance. Unlike Siteground, Cloudways don’t have cPanel access though, with its array of readily accessible tools.
File Manager is one cPanel tool that I find very useful indeed. Simply put, File Manager enables you to access and transfer your website files, review, edit and remove them as required. I find it extremely convenient to be able to access the website files directly from cPanel.
This is something you can’t do with Cloudways. Instead, you have to make changes to website files using FTP or SFTP, (Secure File Transfer Protocol). In order to enable FTP/SFTP access, you first have to install and configure an application such as Filezilla. Personally, I find the configuration can be a bit fiddly at times. Rather, Cloudways uses a different interface and it takes some getting used to you.
Security Issues with Shared Hosting Plans
CLOUDWAYS: CLOUD HOSTING
Every web host has its pros and cons in my experience. Cloudways was great when it came to site performance and speed. And I never experienced any security issues in all the years I hosted my sites with them. That’s because I had a cloud-based hosting plan with Cloudways.
With Siteground, on the other hand, my plan was a shared hosting plan. That said, there were issues with their varnish feature, that was causing conflicts with my websites and was stopping them functioning correctly.
At around the same time, the quality of their support decreased dramatically. They significantly reduced the number of support personnel and those handling live chats were managing multiple chats at any given time. The upshot of this was that it was taking hours and hours to get a sensible answer out of anyone. Rather than answering the question I asked them, Cloudways support would employ delay tactics. They would respond by asking an inane question, and then go off for half an hour and attend to another live chat! In the end, I had no choice but to migrate all my clients’ sites to other web hosts, including SiteGround.
Siteground: Shared Hosting
Within 30 days of moving my sites to Siteground, one of them had been hacked. In all my years of developing websites, I’ve never had a site hacked before! I had already paid for a year’s worth of hosting at this stage. But once that’s up, I will move all my sites elsewhere.
For now, however, the sites remain with Siteground and I’ve had to implement a lot of additional security measures to make sure no other site is compromised.
A Closer Look at cPanel
In the screenshot below, you can see what Siteground’s cPanel looks like.
Installing Let’s Encrypt
Let’s scroll down to find the SSL tool – Let’s Encrypt. With Siteground, you really only have the option to install Let’s Encrypt through cPanel. We can then click on Let’s Encrypt. There’s the option to select a Let’s Encrypt wild card SSL certificate. However, unless you have a whole host of subdomains that you want to cover with your SSL Certificate, you don’t need to worry about this. Moreover, the wild card feature is not free and there’s a charge for this.
I’ll now go ahead and click on “install”. The job is added to the queue and there is a wait time before SSL is successfully installed and activated. The wait time can vary from ten minutes to a number of hours.
A Secure Site
Let’s take a look at a site where there is a valid SSL Certificate installed. The padlock to the left of the browser bar in Chrome is confirmation of this. We can see that there is a notice that the connection is secure.
Mixed Content Issues
Really Simple SSL
In order to remedy this issue, I need to go into the back-end of my WordPress site, and click on the plugins section. If I type “SSL” in the search bar, all the SSL-related plugins in the WordPress repository will be displayed. What I’m looking for, is the Really Simple SSL plugin.
It has 3+ million active installations. Moreover, it was updated only a week ago, and is compatible with the latest version of WordPress. Those are all good indicators that this is a reliable plugin to install.
Once installed and activated, I can head on over to the plugin settings. Once there, I can see that the reason why there is no secure browser padlock, is purely because of a mixed content issue. The plugin logs me out when I click “save”.
I can then log back in, and purge the cache. And voila – the mixed content issue is now fixed. We now see the secure browser padlock in the browser bar. Meaning that visitors can now happily share details, and enter into transactions knowing that their data is secure.
Share the love