In a blog post from 2013, I wrote about some ways to secure your website. A lot has changed since then and today, having a secure website with a TLS connection should be standard. In this blog post, I briefly explain what TLS / SSL is, and why every website owner should have a security certificate.
What is TLS and SSL?
SSL (“Secure Sockets Layer”) is a method of encryption that lets a website visitor use that website securely, making it much more difficult for attackers to view information that the visitor sends to the website (such as a password or a credit card number).
But technically speaking, SSL is old. TLS (“Transport Layer Security”) is a newer kind of encryption. Most people still refer to SSL certificates, because that’s what they’re used to. In reality, TLS is used today.
You can think of the connection between your web browser and a particular website as a real-time “mailman.” The mailman sends letters (data) back and forth between the sender and receiver. When a website doesn’t have a TLS security certificate, the equivalent would be someone writing a postcard and putting it into the mail. Anyone who handles that postcard between the sender and the receiver can easily read what is written on the postcard.
Customers on our shared web hosting platform get a TLS certificate for free. Learn more at https://barredowlweb.com/services/.
TLS Increases Google SEO
TLS is good for Search Engine Optimization (SEO). As early as 2014, Google has said that, as security is a top priority for them, they would use HTTPS as a “ranking signal” meaning that, for all else equals, a website that has a TLS security certificate would rank higher in Google search results than a website without such a security certificate.
Google Will Mark Websites That Don’t Have TLS as Not Secure
Beginning January 2017, Google announced that their Chrome web browser would explicitly mark websites that don’t have a TLS security certificate as “Not Secure” for pages that accept passwords or credit card numbers. Ever since then, Google has begun to mark all websites that don’t have a TLS security certificate as “Not Secure”, regardless of whether or not personal information is transferred to the website.
Where To Purchase a TLS Security Certificate
TLS certificates are typically purchased from your web hosting provider and range from a few dollars to over $200 each. The typical amount of time a TLS certificate is valid for is 1 year.