You’ve chosen your layout, designed graphics, generated content and your CMS website is ready to go live—but first you need to make decisions about securing it. This is where things hit a snag.
What type of security do you need? What do things like firewalls and secure socket layers even do?
If you’re working for a larger company – one that has out-sourced the building of the website or has a specialized team in place to work on it – chances are someone else has already made these informed decisions. It’s also likely you’re not using a CMS.
But if you’re a small business or sole proprietor, you may have some serious questions about how to secure your CMS website.
In this article we’ll look take a look at Secure Socket Layers (SSL) and talk about ten reasons you need to invest in an SSL certificate for your CMS site.
What is SSL?
SSL is one component of web security. While it’s absolutely crucial that you have a working SSL certificate, it’s worth noting that SSL alone will not secure your entire site.
What SSL does is encrypts data in transit. When a visitor comes to your website a connection is made between their computer and the server your site is hosted on. The two then begin open communication – sending packets of information back and forth – that are at risk of being stolen or intercepted by third parties. SSL removes that risk by encrypting that information.
There’s a lot more to it than just that, but for the sake of this discussion, that description should suffice.
Here are 10 reasons why you need SSL on your CMS website.
CMS sites are constantly the target of hacking
Content Management Systems or CMS, are one of the most popular methods for running a website. And of CMS sites, 75% are on the platforms WordPress, Joomla, Magento, or Drupal. You might think these companies would offer some sort of security given their size and prevalence—you would be wrong. In fact, these websites are open source and free to use, making them prime targets for cyber criminals. It’s not even that hard to hack a CMS site in most cases, given that they’re open source and largely unsecured. That’s why it’s extremely important to have multiple security solutions protecting your CMS website—SSL chief among them.
Many believe the entire web should be encrypted
Chances are you’ve heard of Edward Snowden. If you haven’t, we’ll skip the history lesson and simply say that his actions brought a newfound level of awareness to privacy on the internet. On the unsecured web, anyone can – for lack of a better way to put it – spy on you. They can see what information your computer is sending and receiving, which gives them insight into what you’re looking at, who you’re talking to and it might even give them some of your personal information. Because of this, a growing movement has emerged that wants to encrypt everything on the internet in order to protect the privacy of the individuals using it. It’s a vocal group that, regardless of your website’s purpose, you don’t want to run afoul of.
You’ll need one if your website lets users log in
If your website features an option to allow users to log in, then it’s absolutely essential that you have an SSL certificate. Think about it, how many usernames and passwords do you have? Do you have unique ones for each and every site you visit? Or are you like the vast majority of internet users and you reuse usernames and passwords at multiple sites? Chances are, you use that information in more places than one. Now think about this: many of your site’s visitors are likely in the same boat? Without encryption you’re asking them to send their username and password unsecured across the internet where it can be easily stolen. Without an SSL certificate, a cyber criminal could easily gain access to that information and then attempt to use it, not just at your site but at others—like financial institutions or other e-commerce sites. That’s a risk you can’t afford to take.
You’ll need one if your website has email
Does your website have an email function? If it does then you really need to encrypt your site. In addition to the login details that are required to gain access to email – details that, as we just discussed, are incredibly sensitive – you also have the potential for a malicious third party to intercept entire emails if your mail server isn’t encrypted. And simple SSL encryption isn’t enough in this case, to truly secure an email server you’ll need an e-mail signing certificate as well (think of it as a specialized email SSL). It may seem like a lot, but it’s really essential. Can you imagine the dangers of allowing emails originating from your email server to be unsecured? Everything, from the content of the emails themselves down to personal information like names and phone numbers in an email’s signature, would be at risk. As the late Johnny Cochran once said, “if the data’s at risk, you must encrypt.” Actually, the real quote was about ill-fitting gloves and acquittal but you get the over-arching idea: if there’s any potential risk of sensitive data being stolen, play it safe and encrypt it.
You’ll need one if you’re collecting any kind of personal information
Even if you don’t plan on letting users log in or having email functionality, if your site is accepting any kind of personal information at all—you need to encrypt. Even something as seemingly innocuous as a comment sections can be a vulnerability if you’re asking users to supply a name, an email address or any other kind of identifying information. All of your users’ personal information needs to be considered sacred—you have to protect all of it. You are not the arbiter of what is and is not important information. So, it’s best to just cover yourself and encrypt if your website is taking any kind of personal information from its visitors. Depending on your needs there are some very inexpensive certificates that will help you to secure your site while setting your visitors’ minds at ease.
You’ll DEFINITELY need one if you’re running an E-commerce site
This will likely be the shortest section in this article. Do you plan on selling things online? If you do, then you absolutely must get an SSL certificate. To run an e-commerce business, you will require your customers to give you pertinent information like their name, their address, possibly a phone number and most definitely their payment information. All of this would be extremely harmful to said customer – as well as to your company’s reputation – were it to be compromised. Don’t let that happen, if you’re running an e-commerce business—get SSL.
SSL Certificates inspire trust
Depending on the type of certificate you purchase, there are different trust indicators that will appear on your website. There are three types of certificate. Domain Validated (DV), which require you to simply prove ownership of your domain, are the most accessible and a great solution for non-e-commerce sites. Organization Validated (OV), which require you to authenticate your organization, are a solid intermediate choice. Both DV and OV come with a green HTTPS and padlock in your address bar. Then there is a third level, Extended Validation, which requires a more rigorous authentication process, that turns the whole address bar green and displays the organization’s name. All of these symbols are instantly recognizable, synonymous with security and will inspire trust in your visitors.
SSL Certificates show you care about your visitors’ privacy
As we’ve already covered, your users’ personal information should be considered sacred. Chances are they certainly look at it that way. Nobody wants to have their information stolen and nobody will come to your website if they think there’s a risk of that happening. That’s why those trust indicators – HTTPS, the padlock and the green address bar – are so important. Not only do they inspire trust, they show your website’s visitors that you care about keeping their information safe too. In fact, you care so much that you’ve made an investment to protect their privacy and give them peace of mind.
SSL Certificates improve conversions
It is statistically proven that SSL, particularly the Extended Validation level of SSL, improves the rate of conversions on your e-commerce site. The more a customer trusts you, the more they are willing to give you their business. Extended Validation SSL Certificates require your company to go through an extensive authentication process (don’t let that scare you away, it’s simple as long as you have your registration information up to date), but, in turn, it makes your visitors’ address bar green and displays your organization’s name in it. This proves to the user that not only is the communication with your site encrypted, but you are who you say you are and that has been verified by a trusted Certificate Authority (CA). This creates the highest possible level of consumer trust and significantly raises your conversion rate. If you’re running an e-commerce business, that’s one benefit of SSL that makes it less of a cost and more of an investment.
SSL Certificates Can Show You’re Credible
As we just discussed, SSL shows you’re credible. All three levels show you’ve made an investment in your users’ privacy. But the OV and EV level of certificates – which requires the CA to vet your organization – demonstrate that you’re willing to verify your identity. The importance of this cannot be understated. You wouldn’t take a ride from a cab driver if they didn’t have their information prominently displayed—that shows you that the person behind the wheel is who they say they are (and that they’re licensed). Why do you think doctors and lawyers hang their diplomas on the walls of their offices? Sure, because they’re vain—but also because of people like that reassurance. They like knowing that the person they’re about to do business with is legitimate—credible. SSL does that. Not only does it encrypt but it authenticates. And on the internet – and in your bottom line – that amounts to quite a bit.