Fur N Feathered Friends

931-820-3008

fnfdfriends@gmail.com

Follow Us

How does this apply to me? (SSL Certificates)

How does this apply to me and How do I know I need one?

There are some basic industry questions to determine this questions:

  • Is my site an e-commerce site the collects credit card information? If Yes, than yes you absolutely should have a cert!!
  • Do I use a 3rd Party payment processor? If your e-commerce site forwards your visitors to a 3rd party payment processor (like PayPal) to enter the credit card information then you don’t need an SSL certificate because your website won’t touch the credit card information.
  • Do I have a login form? If your users enter a username and password to login to your site without an SSL certificate, an attacker can easily see their username and password in clear text.

Now your saying: I don’t met any of this criteria.  I do have a Newsletter form or a Quote form where I do ask for an email address and name.

No Problem, this is public information and does not meet Industry standards.

Ok, so if I don’t meet the basic criteria and it’s public info, What’s the big deal and why am I being asked to get one?

Well, The Industry is pushing and upgrading to a more secure internet.  Predominately over the last few years with all the hacks/leaks/Ddos/phishing/man-in-the-middle attacks that has been covered in the Media. As well as “Big Brother is watching”. So by going to an encrypted secure internet there’s less chance of any of these happening.  A lot of this has been happening behind the scenes that most web users really haven’t been aware of other than their browser has released a new update.

And you have now noticed the little green padlock or the whole URL address window is green or red. That was the beginning. Companies started making the move to HTTPS. You have probably seen this for your Financial Institution. You may have noticed that your Facebook URL has a green padlock.

But you ask, wait didn’t you say in your last post that SSL Certs are not created equal? Why, yes, yes I did, thanks for remembering. They are not! But remember, the criteria to get the Green Address Bar is very stringent.

Again you say: But I still don’t meet the standard.

True.

There does seem to be a BIG industry push to purchase an SSL, especially with Google soon to be released Chrome 56. Where they are enacting a stricter criteria for the Green Lock, hence a SSL Cert and touting that it will also give you a higher ranking. BUT if you watched the video in my Post: Why am I receiving email. . . .you saw and heard from Google itself that at this point it is small. And as a I am on both sides of the fence by being a website owner and that I design websites, I know first hand how it is coveted to be on the first page for a Google Rank. But, I also understand that there are x amount of slots on the first page AND that in the last couple years those slots have lowered due to GOOGLE ADS!

In today’s fast paced world, of course you do not want to have to go 15 pages deep to find what you are looking for but have you actually stopped and taken a look at that page? 4 ADS, next top 3 websites listed are the companies with those Ads, and then a sprinkling of what you where searching and at the bottom MORE ADS! It’s frustrating sometimes with all those ADS and I still go 15 pages deep to find what I am looking for.

WordPress Websites & Blogs:

How does this pertain to my WordPress Admin log in?

If you purchased a ‘Managed’ WordPress hosting it may have come with an SSL and that covers your log in page for your admin as well as showing the ‘Green’ lock in the address window. Please note that there could possibly be an annual fee for the SSL Cert. Check your account with your Hosting Company.
If you do not have a SSL for your site, there are numerous Plug-ins available to help protect against your login page getting hacked. I personally install a Limit Login Attempt plug in on all my customers sites, even if they have a SSL.
WordPress itself also has it’s own security features covered here https://wordpress.org/about/security/

Now you should have an even bigger eye-crossing basic understanding. I cannnot answer the question ‘Should I get one?’ You need to assess your business, on-line presence and your business/hobby goals.

There does seem to be a BIG industry push to purchase an SSL, especially with Google soon to be released Chrome 56.

In my research, there’s a lot of talk about a ‘more secure web’. At this point, I am asking myself ‘Shouldn’t encryption be a standard feature with my Hosting/Domain?’

Shouldn’t I be able to reasonably expect that if I have my website on their server, that their server is secure and encrypted to talk to browsers and if I installed a Malware Protector like SiteLock shouldn’t that also improve my security standing without having to purchase a SSL? Especially when I purchased my malware protector through my hosting?

My concern is that I now must make this same decision myself. So, once Chrome updates sometime in January 2017, my site will now have a red lock. And I ask the basic question: Do I collect customer credit card info, username/passwords, provide e-commerce, etc on my site? The answer is no.
So all the reasons, should take into account, how does this apply to you comes crashing into a big brick wall with the question: How does this affect us little guys? The answer: MONETARILY!! According to their standards, I do not need an SSL. But yet, with “new improved security standards” I now need to buy into ‘The industry’.

As in all things, BUYER BEWARE!!! Ask questions, pay attention to links you click on whether on a website or in your email. Not sure about a link? READ THE LINK ADDRESS! Copy it and put in a new browser window to verify. Looks like it came from a Company you do business with? Go to that Company’s website with a direct url.

My father always told me: ‘Follow the money’ & ‘A lock only keeps an honest man honest’

Sources: WordPress.Org; GoDaddy.com; SSLShopper.com; GlobalSign.com; Zen-cart.com; Siteground.com & My Dad

 

 

 

Leave a Comment