What is a SSL Certificate; Do I need one?

01 May, 2018

If you are reading this, then you've undoubtedly seen the term 'SSL Certificate' or just 'SSL' mentioned somewhere or other in the past few months, and you might be wondering - what is an SSL Certificate, and should my website or application have one?

SSL Certificate stands for Secure Socket Layer Certificate, which is a file that allows your website or application to create encrypted and secure connections to your users. Websites using SSL can be identified by the prefix 'https' in their URL (the 's' stands for Secure); Your browser will typically display a green lock icon or turn the URL bar green when visiting these sites.

undefined
Example of Chrome's address bar with a secure (top), and insecure (bottom) URL

One of the most common ways for hackers to steal information, and marketing companies to track users, is to intercept the data sent when they are browsing the web - this is commonly called 'sniffing'. Sniffing can easily be done on a non-SSL connection with free software - so easily, that airports, coffee shops, any public wifi you use is almost definitely intercepting your traffic to some degree, if only to serve you better advertisements.

undefined SSL negates this vulnerability by creating a secure connection to a website, such that only the website, and your computer can understand the information being sent back and forth. So - do you need a SSL certificate? If your website has any type of form, or deals with any payment transactions, you're going to want an SSL certificate. Even a simple contact form should be secured with SSL to prevent a 3rd party from intervening. If your website doesn't have any of those - there is still a valid reason to have an SSL certificate: Google is using it as a search ranking parameter. This means that sites with an SSL certificate will appear higher in results than sites without one (https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html).

 

Hackers love Slackers

02 October, 2016

One of the most commonly used security vulnerabilities on the web today is outdated software - be that the Adobe flash player you keep ignoring every time you start your browser, or the version of WordPress your personal blog is running on.

Most websites today run on some type of open-source, or openly-available platform - WordPress, Joomla, Magento, any online shopping cart, etc. And these software platforms typically have plugins or modules created by other 3rd-Party developers that you or your web developers may have used. Keeping all of these various platforms and plugins and modules up to date can be time consuming or costly, and those dedicated to breaking into others systems use this to their advantage.

Keeping any online software you use up to date should be just as important as locking your house when you leave for the weekend. If you haven't already, enable automatic updates if your platform allows it (or ask your developer), and update any plugin, modules, etc as soon as possible. We recommend hiring someone, or utilizing a paid-for service to maintain updates as well - if your developer offers this service, take them up on it - plus if anything ever does happen, they will be there to help get you back up and running as soon as possible.

If it's too late and you believe your site is compromised; feel free to reach out to us - we deal in number of content management and e-commerce platforms; and if we can't help you, we'll point you in the right direction.

In today's web-based world, it is pertinent you keep all of your software as up to date as possible. For further reading, and some info on the most-hacked plugins and platforms, we recommend reading Scuri's 2016 Q1 Report.

 

Home