In this definitive how to SSL guide, we’re going to explore the topic in detail, and provide some great resources, so you can secure your website with confidence and ease.
Your site is a valuable asset that you’ve poured time, thought, and energy into. Protecting it is vital.
The best way to accomplish this? Hands down–with the presence and power of HTTPS.
Continue reading, or jump ahead using these links:
There’s a fair amount of ground to cover here, so let’s get started.
Domain Security Value
You have probably noticed the shift of many website URLs going from HTTP to HTTPS over the past decade, in particular, the last half-dozen years. There’s an interesting wiki article on the timeline if you’re keen on more specifics.
So what is it that makes HTTPS so good?
A WordPress HTTPS site makes your online business more trustworthy to visitors. From the moment your site loads in their browser, they see a visual cue that their personal information will be highly guarded in your corner of the world (wide web).
You’ll also get an SEO boost, as search engines favor HTTPS websites. According to Google Webmaster Trends Analysts, SSL is part of Google’s search ranking algorithm.
Being rewarded with improved page load times is another awesome part of the package. Who doesn’t want performance gains?
HTTPS, aka end-to-end encryption, can help prevent all types of online attacks, including the big baddies known as APTs and MitM attacks. Here’s a quick rundown on these:
- APTs (Advanced Persistent Threats) are attack campaigns in which intruders use continuous, clandestine, and sophisticated techniques to gain access to a system, and remain inside for a prolonged period of time. These have potentially destructive consequences.
- MitM (Man in the Middle) attacks are when a cybercriminal gains access to an unsecured or poorly secured Wi-Fi network to intercept and read transmitted data, capturing login credentials, banking information, and other personal information. The attacker might also impersonate the person or entity you think you’re talking to, in order to steal information.
Sadly, these cyber attacks don’t seem to be slowing down.
While not completely fool-proof, having HTTPS on your website will greatly improve your defenses against APTs, MitM attacks, malware, direct hacker attacks, and a host of other vulnerabilities.
Next, let’s look at how encryption actually works.
HTTP vs HTTPS
HTTP (Hypertext Transfer Protocol) allows communication between different systems―like your browser to a web server―so you can view web pages or transfer data. HTTP moves data in plain text, but is unsecured/readily available for anyone to read.
HTTPS (Hypertext Transfer Protocol Secure) is HTTP with an added layer of security. It uses SSL (Secure Sockets Layer) certificates
This article was written by Janette Burhans and originally published on WPMU DEV Blog.