Tech talk

Attention Self-Hosted Websites – Do you Have an SSL Certificate?

Published on by

Tech talk

Many of us bloggers are familiar with the basics of running our websites but may not be aware of all the techy things that run in the background that help our sites run smooth and safely behind the scenes.

 

What is an SSL Certificate?

An SSL certificate (Secure Sockets Layer) is a protocol which creates a secure connection between a client website and the server over which to information is sent using an encryption method to make sure information is secure from hackers.

Many website owners may not have been made aware of the importance of obtaining an SSL certificate. Having this certificate is what changes your site’s URL from beginning with ‘http’ to ‘https’. It’s the added ‘s’ for secure that makes our sites safely encrypted.

 

Why Do I Need an SSL Certificate?

If you’re someone like me who thought that by having an ‘https’ URL wasn’t important because I’m not selling anything on my site, for example: products that require a buyer to enter a credit card on your site to purchase an item, then think again.

An SSL certificate does much more than just provide a buyer a safe environment to enter their personal information. It provides security for ANYONE who enters their mere email address to a sign up or contact form from being phished by hackers.

 

What is Phishing?

Phishing is a method used by hackers and scammers to obtain information that isn’t securely encrypted, and once they’ve stolen personal data, they use those email addresses to send emails to try and get access to those addressee’s more private information so they can attempt to steal from them.

Those scammers will send an email stating they’re sending it from the hacked site, one that may look familiar to you, but if you’re careful you will notice the email address will also have a different tail end of their email address to the original site they say they’re sending from. What these hackers intend to do is make you think you recognize the email address it came from, then possibly offer you something, and in order to obtain their offer you must click on a link they provide. Once you click on that link and fill in your information is where the usual thievery begins because you’ve given an impostor your information.

I wrote a few posts in the past explaining about some phishing emails that have been going around from Paypal and some government sites and financial institutions, detailing how they try to get our information and how people who are unsavvy in detecting scammers get caught in their webs. It’s important that if you receive any suspicious emails, to pay attention to the sender’s email address and question yourself as to what these scammers are after WITHOUT clicking on any links they send to click on.

As I mentioned in an older post, government and financial institutions will NEVER send you emails asking to log into your account through an email link, but ask you to go directly to their website and login safely with your password.

 

How Can SSL Certificates Protect Your Site?

Even though you may not be selling anything on your site, anything you type into your browser on your site and anyone signing up to receive emails from you site can become susceptible to scammers in cyberspace if they try to steal info from that site.

Another example of being hacked without an SSL certificate is if you’re traveling and working on your website using a public wifi such as at an airport, hotel or even in a public cafe, hackers are plentiful in these vicinities and can easily steal your unsecured info in the same way. At least if you’re at home using your site on your own wifi, the odds of being hacked are much less than when you’re using a public wifi where anybody on that same wifi can hack your site if you open it.

 

Conclusion

I’m still learning a lot about my own website with every call I make to my webhost provider, Godaddy. And I’d like to thank Tim from tech support today for explaining the importance of having an SSL certificate to me. Any time I’m having a problem on my site, I call Godaddy and they are always knowledgeable and extremely helpful in solving my issues. They don’t push products on me, but sometimes make suggestions based on my usage and traffic to better protect and operate my website. And today I got an informative lesson about the importance of having this certificate, so I hope I’ve helped by explaining what I’ve learned about securing our websites.

 

Important Notes

  • Those of you on WordPress.com already have an https URL because WordPress is securely encrypted.
  • Many of you may notice now that when visiting my site that you will now be landing on my newly secured site – https://atomic-temporary-200280624.wpcomstaging.com, and/or if you’re still typing in the site – https://atomic-temporary-200280624.wpcomstaging.com, you will be automatically re-directed to the new secure version.
  • All of you who were previously signed up to receive my emails, as well as new sign ups are all safe and sound now.
  • Some of you who may have had trouble in the past leaving comments on my site, or getting booted while halfway through leaving a comment, will no longer have to endure that agony and frustration. Do know you weren’t alone. I had my own issues logging into my own site on occasion. Apparently, what I learned from Tim today was that WordPress had recently added new PHP code which was conflicting with logging in on self-hosted websites causing all kinds of glitches until Godaddy had to re-structure their platform to coincide with the WordPress changes. I highly recommend that if you’re self-hosted and having similar issues to call your webhost to rectify. It’s not always a WordPress issue for the Happiness Engineers, it could be a conflict of their changes with your webhosting. Sometimes WordPress doesn’t play nice with our domains and only our webhosts can rectify those issues.

I hope you’ve found this article useful. Please always leave me a comment if you have any troubles navigating my site. I don’t always know there’s a problem, but you know if I learn of one, I’m on it like flint! I’d like to thank all of you who’ve taken the time here or by email to let me know you were encountering glitches while trying to comment. I’m hoping it will be smooth sailing from here on!

 

50 thoughts on “Attention Self-Hosted Websites – Do you Have an SSL Certificate?

  1. Not sure how much it really helps or is necessary if you’re not selling on site BUT the time is coming soon when Google will start dinging your site in ratings if you don’t! Next it might get tighter than that. As the 800 pound gorilla among search engines they rule.

    Like

    Reply

    1. That’s why I asked lots of questions, and it turns out without a secure site, it’s easier for hackers to steal info from my site, and I wouldn’t want to jeopardize my readers even with their email addresses. But the thing that really stuck with me is the fact that when I travel and use my computer to go to my site on public wifi, I like the peace of mind knowing nobody can steal my info from me on those public sites. And yes, Google is clamping down and will rate your site higher with SSL. 🙂

      Like

      Reply

      1. See my Google + post on this today–via Wordfence. Google/Chrome is going to make us all miserable soon. You’re ahead of the game. Sadly, there’s a lot of BS scaremongering at work that will cost me and others money for each SSL certificate.
        If you don’t sell stuff from your site (needing credit card info) or require passwords from subscribers, then SSL protects ONLY YOU! It does nothing for visitors to your site.The worst case scenario is people logging into your site from an unsecured or open WiFi spot. Theoretically, hackers MIGHT eavesdrop on your site or your reader’s computer and catch them surfing your site. But the most they could capture is the visit and the email address of the reader if they leave a comment. Not much–considering the email address is widely known. Then too, the data mining that Google and a zillion others isn’t going to be blocked by SSL–only ad and tracking blockers do that. Which is a whole nother story. Soon, you may not be able to block ads or trackers if the corporate sites keep up the IT arms war that’s ongoing. So I will soon be consolidating some sites to reduce the costs I will incur for damn good reason!

        Like

      2. Wow John, that was an earful. Thanks for sharing the news. Greed mongers lurk everywhere it seems. And the bottom line is yes, if you have more than one site you’ll need one for each 😦 If it’s the law of the Google giants, then they should be FREE! 🙂

        Like

  2. This is such a much needed discussion. My web host offers one for only a $100.00 and when I first began blogging this concept was foreign to me to spend the money (plus a divorce, custody battle, and lifeless lawyers made sure any extra I had went there) on one. Since I’ve grown in my time of blogging and spending a minimum of 30 minutes a day clearing spam I’m purchasing my SSL very very soon!

    Like

    Reply

    1. Thanks for reading and sharing your insight here too Gar. I too never realized how important it is to have, especially the more readers our blog gains, and also I heard some speculation that Google rankings will boost your site if you have one, and that sometime down the road they may require every site to have one. 🙂

      Like

      Reply

    1. There’s always a risk to public wifi Annika, that’s why I’d never go into my bank account or purchase anything with a credit card transaction on public wifi, I just feel too vulnerable. But I never thought about the fact that if our website isn’t secured and I were to work on my blog on a public wifi that I was opening the door to hackers in the vicinity to steal information or email addresses. It’s really sad the way malicious people take advantage of innocent people’s livelihoods in the technology world too.

      Like

      Reply
  4. Pingback: Smorgasbord Blogger Daily – Friday January 13th – Blog Recommendations, SSL, Prompts, Editing and Ancient Man | Smorgasbord – Variety is the spice of life

  5. Let’s try the comment again. Not sure how much value the SSL is if you’re not selling stuff–BUT, it’s my understanding that Google, that 800 pound Gorilla of search engines, will sometime soon start penalizing those who aren’t SSL. That’s kind of what they did with sites getting dinged if they’re not responsive (mobile friendly).

    Like

    Reply

    1. Lol John, I could swear I answered this? 🙂 You are correct, I was told in coming months, Google will be coming down harder on sites without it for security reasons and if you have one they will rank your site higher too. As I explained in the post, it’s not only if we’re selling stuff, it’s also to secure our subscriber’s information they enter to sign up with their email, and for any other info entered to be encrypted from hackers. The fact alone that I can feel more secure while traveling, going into my dashboard on a public wifi is worth the price of admission alone for me.:)

      Like

      Reply

    1. If you’re with WP.com, they look after security, so you’re good. If you own your own website, you have to purchase the certificate from your webhost company, they help install it and you have to renew it annually. 🙂

      Like

      Reply

      1. Ah I see. Thanks for sharing your knowledge. I know nothing of such things. I’m happy enough being with .com it seems to provide me with everything that I need, but its still good to know these things. ?

        Like

  8. Sigh. The only sure things in life are change, taxes and the last mile.
    I used to be on top of changes when I worked. Retirement made me lazy and I didn’t need to keep up–mostly with software. Now keeping up happens with ‘a little help from my friend.’ ❤ ❤ 😛 Thanks, Debby.

    Like

    Reply

    1. Lol, thanks Tess. You’re so right, there’s always something to keep up with, especially when you own your own website, there’s maintenance just as there is with our homes. 🙂 ❤

      Like

      Reply

      2. Lol, don’t I know it! But it’s like everything else in life Tess, owning a website is like building a house, you add the parts your need to function and find the new stuff as you live there that can help your house function better. Nobody said it was easy though, lol. 🙂

        Like

  9. This is very helpful thanks, Debby. I have had a SSL for nearly a year and did not understand all the benefits. For a little while it caused some problems with it being a new domain name address. I think that is well sorted now. When I use Inlinkz I have to manually add the photo, I blamed that on the ‘s’.

    When I read that Google was going to favor sites with the ‘s’ I thought for once I am ahead on this LOL. Thanks again for all your detective work, I know that takes time and we are all helped by it.
    Kathleen

    Like

    Reply

    1. Thank you Kathleen for visiting and sharing some of your own experience. I spent quite a few hours with tech support yesterday fixing some login problems that were occurring for me and my visitors here and then getting educated on the SSL and installing it. I have to admit after everything was fine tuned, there were a few wonky things after the new SSL. I’m going to give it til Monday to see if it irons out or back to webhost support, but yes, Google will be clamping down on non secure sites, so you and I both are on the right side now. 🙂

      Like

      Reply

    1. Thanks so much Janice! I made the graphic a year ago, and reuse it for tech related articles. I think I got it from Pixabay.com if I remember correctly and then photo edited in getstencil.com where I purchased a lifetime licence to use (formerly shareasimage.com) 🙂

      Like

      Reply

  12. This is much-needed info, Debby! Thanks for posting this! When I self-hosted my blog through BH, a SSL was going to cost me $500 a year! That’s when I decided to go back to wordress dot com. I am glad to see others with SH websites that have low rates for the SSL.

    Like

    Reply

    1. Who did you host with? Wowza, that’s a king’s ransom! It costs $70 US at Godaddy >$100 Canadian, but they always offer promo codes and I got it for $59 Canadian! (1 year)

      Like

      Reply

    1. Thanks a bunch T. So it seems it is critical. I feel it’s my obligation to share information I learn as I go too. Thanks for sharing around as always and I will be by your page later to reshare. ❤

      Like

      Reply

  16. I’m not a techie person but this was so understandable and actionable. I’m sorry you had to spend so much time with Tech Support to get the information but please know that I am grateful to you for sharing what you learned. You make the rest of our lives easier. Bless you!

    Like

    Reply

    1. Thanks Ann. I always like to share what I sometimes learn the hard way to spare others, lol. And from what I understand, my post is well timed as by January’s end, Google will be clamping down on all sites that don’t have https security. 🙂

      Like

      Reply

  17. I always learn something new when I visit and catch up here Debby.. Now I didn’t know this. But can you tell me why when I go to my own WP site from Google I get the ! question mark flag for an unsecure site..
    I clicked that WP has a valid certificate.. The other options that HTTP mixed content is being used..
    Will this cause a problem?? as I am clue less.. 🙂
    Love Sue xx

    Like

    Reply

    1. Thanks for the compliment Sue. I’m somewhat tech savvy from learning my own website woes and investigating, but I’m no expert. But like I mentioned, WordPress.com is already an https secure site. I read an article recently that says Google will be cracking down on non secure sites as early as January’s end. I can only think that possibly when that happens those are just glitches with things in the works. You shouldn’t have to worry as long as you don’t own your site being with WP.com. 🙂 I know how annoying this tech stuff can be, trust me, lol. That’s why I always share my finds here. 🙂 xo

      Like

      Reply

Leave a comment