This is not a sexy topic. The technical ‘security’ side of running a website is by far the least interesting part of blogging. But that’s also why it’s all too easy to ignore. Just because something is boring or unsexy doesn’t mean you should avoid it. Cleaning your toilet isn’t sexy but you gotta do it.
In this post I’m going to chat about SSL certificates: what they are and why you need one. Don’t worry, I know you’re a busy person and would rather be reading about food, fashion or travel. So I’ll keep this one short.
What is an SSL certificate?
I’m not going to tell you what an SSL certificate is in technical terms, because otherwise you’ll be overwhelmed by geek speak and probably never return to my blog again. Instead I will tell you what it does. In short, it allows secure connections from a web server to a browser, which makes a website session more secure for the user.
You know some websites start with http:// and others start with https:// – those with that little ’s’ are the ones with an SSL certificate. In some browsers you may also see a padlock or a ‘secure’ message just before the URL.
If you’re an uber nerd and want to know more about the technical deets then check out this article. But if you’re an uber nerd then you probably already know all of this.
Why do I need one for my blog or website?
For some time it has been commonplace for ecommerce websites or any sites dealing with customer data to have an SSL certificate. For a long while, it was not considered necessary for anyone running a small website or blog to bother. However, that has now changed.
One of the biggest factors that has influenced this change is the new ‘not secure’ warning implemented by the Google Chrome browser. If a user visits a site without an SSL certificate on Google Chrome, a little ‘not secure’ message appears in the address bar. That’s going to be off-putting for a lot of people visiting your website. Even if there’s nothing for them to worry about, you want to avoid doing anything that could prompt users to leave your site.
Another good reason to consider installing an SSL certificate is that the search engines favour secure sites. At the end of the day, the likes of Google want to keep their search engine users happy – and if a site poses a potential security vulnerability by being devoid of an SSL certificate, then it’s not going to fare well in the rankings. Anyone running a blog or website should have SEO at the forefront of their minds if you want to leverage the great power of organic search traffic.
How do I install one?
It’s usually pretty straightforward to install one. All you’ll have to do is contact whoever hosts your website and request an SSL certificate. In fact, you can probably just login to your hosting dashboard and simply add it yourself.
You may find there is a small annual charge for the SSL certificate – but trust me, it’s worth it. If someone ever tries to charge you hundreds of pounds for one then something isn’t right and I suggest you look elsewhere. If you’re lucky then it may be free for a basic SSL certificate (not the kind you’d need for an ecommerce site).
One final really important step
Ah, you thought it was over didn’t you – if only everything were that simple. There’s just one final step to take. Although you now have an HTTPS version of your site – you’ll most likely find that the HTTP version still exists. This is bad for two reasons:
- Firstly, anyone visiting the HTTP version is not getting the security benefits of your SSL certificate installation.
- Secondly, now two versions of your website exist, meaning you have a duplicate of your site. This is a potentially detrimental SEO issue, as you’re essentially competing with yourself in the search engine results.
To resolve this, you need to force the HTTP version to automatically redirect to the HTTPS version. Now unfortunately this requires accessing the .htaccess file of your website and if you don’t have any solid development experience then I’d strongly advise against tampering with it. All kinds of issues can occur if you don’t know what you’re doing.
The best action to take is contact your website host and ask them oh-so-nicely how you can set up that redirect. With any luck, they’ll take pity on your terrible development skills and do it for you. This worked a treat for me – in fact, I got both the SSL certificate and redirect set up completely free of charge (thank you Dreamhost!).
If you’re serious about moving forward with blogging or increasing the traffic to your website then I would strongly recommend installing an SSL certificate. With a half decent website host then it’s extremely straightforward and either very cheap or completely free.
If you have any questions or if I’ve completely confused you then please leave a comment! Nothing too technical though please, I’m not as much of an uber nerd as I like to think.