In this article we address the need for an SSL certificate in simple terms, we’ll explain how to go about getting your SSL certificate installed and start running your website through HTTPS if it isn’t already. To save you time if you expected a technical explanation, you can skip this article as it doesn’t show you how can do this, we wanted to provide some simple explanation and procedures you can follow if you have a small business website which might be infrequently maintained or in need of some TLC.
It’s no surprise that today we have to be increasingly vigilant online. We hear in the news and in our email inbox more and more about data breeches, hacks and even companies being held hostage by software created to encrypt entire databases with the only option to pay a sizable ransom to decrypt the data and normal business to resume.
Now I’ve alarmed you, I want to take down the tone a little and say although it’s important for all your web apps to have an active SSL certificate, as long as you don’t process any customer data the only vulnerability it presents is to your own data held within the site. Namely, your own login details. However, it could also be hurting your SEO to not have a valid SSL certificate on your website since Google introduced ranking boosts for websites which operate the SSL certificate as a method to encrypt HTTP requests between your browser and the server.
For information on the official Google SSL HTTPS guidelines here.
Who doesn’t process any data through their website?
That’s right, it’s likely your website does. If it isn’t, it probably should be, check out our article about processing customer data on your website. Whether it’s a simple contact form, customer area or full web application with advanced features and data to boot, you will need to get hooked up with the most mediocre of SSL certificates to help keep your customers’ data secure.
It’s remarkable how many small businesses we’re approached by to enter discussions on how to improve their website and the first things we notice relate to minor technical aspects of the website or server, analytics setup or basic on-page SEO. That’s not to say there is a particular party at fault, often the website may be particularly old or simply neglected somewhat without the expertese on-hand to continue updating in accordance with reccomended standards and compliance.
So, how can I get the SSL certificate situation sorted?
This is where you have to adopt a considered approach. You should always consult the original or trusted developer to audit the website or platform the website runs on. They will be able to advise if the application can route requests via HTTPS immediately on switching and re-routing traffic. If you’re running a WordPress website, you’ll need a wordpress developer to search and replace the database for the old HTTP URLs, replacing with HTTPS routes to your content. Don’t panic, it’s a reletively straightforward task and can be easily performed with a database tool or this handy search and replace tool for wordpress (Caution! if you don’t know exactly what you’re doing, this tool can destroy your database, or worse leave your application with security vulnerabilities. Read the docs carefully though and you’ll save a lot of time and stress).
Once you’ve ascertained who and how your application works with HTTPS, you can now access your server to install the SSL certificate or contact your host and they will install it for you. There are many methods how you can do this, we won’t go into each and every instance here and recommend sourcing the information first for how this can be done, you’ll want to find out what server you run and what level of SSL you will require.
Contact your developer and hosting company in the first instance and from there you will up and running in no time and for years to come. Don’t hold off any longer though, it’s now been 4-5 years already where we should all be running our website with HTTPS and a valid SSL.