SSL Certificates: Why You Need One, What Type to Get, How Much to Pay

To enable website security, you must have an SSL Certificate

Quick background . . .

You may already know that Google is rolling out a carrot-and-stick policy to induce all websites to use encryption.

Starting January 2017, if your website is insecure — it does not have a padlock symbol in the address bar — Google will start marking any website pages collecting credit cards or passwords with a red “not secure” symbol.

Update October 2017: Google is expanding the “not secure” warning to pages where users enter any information: search boxes, opt-in forms, comment boxes, contact forms, etc. It’s part of Google’s “long-term plan to mark all HTTP sites as non-secure.”

Back to the warning symbol . . .

Clearly this is an immediate STOP signal to watchful website users, but clicking on the symbol reveals a more explicit alert:

“We suggest you don’t enter any private or personal information on this page. If possible, don’t use the site.” — Google

There it is folks. Google is explicitly telling users to avoid webpages that are not secure.

From a marketing and sales conversion perspective, this is scary stuff. The last thing you want as a business owner is to have potential customers bouncing off your site due to security concerns.

But don’t worry, although this change will have a lot of website owners scrambling, there’s a fix that solves the whole problem and makes the unwelcome red alert go away forever.

By the way, there are other good reasons to secure your website, including user trust, better search engine ranking, and faster download speeds.

The bottom line is . . .

To secure your website, you’ll need an SSL certificate, some modifications to your website and server files, and testing to confirm compliance.

In the long run, the move to a secure Web is truly best for everyone. We support the change.


What is an SSL certificate?

An SSL certificate is an encrypted text file that binds a cryptographic key (conceptually similar to a password) to details about your organization: domain name, organization name, and location.

The certificate serves two purposes: authentication and encryption.

Since the certificate authority verifies that your domain belongs to your organization before issuing the certificate, the user is also reasonably assured that the website indeed belongs to your organization. Secondly, the certificate creates a session key that encrypts the connection between users and your website. This assures privacy, since even if sensitive data is captured by a third party, it cannot be read in encrypted form.


The certificate industry maze

The certificate industry is a confusing labyrinth of brands and cross-marketing partnerships. To newcomers, distinctions are tough to discern. Prices cover an enormous range — from zero to thousands of dollars per year. Yet, all certificates provide similar features and meet baseline security requirements.

It’s not hard to understand why technology companies jumped into the certificate business. What an awesome business model: stable, recurring, scalable, highly automated, fat margins. This cash cow has been well-milked for 20 years.


As a buyer, the trick is to get the features you need without paying more than you must.

Let’s dive in to find out why certificates are sold at so many price levels, and how to tip things in your favor.

A small number of trusted Certificate Authorities actually issue certificates. In 2016, the top five — Comodo, Symantec, GoDaddy, GlobalSign, and IdenTrust — owned 91% of the market.

When you buy an SSL certificate, you’ll likely buy directly or indirectly from one of these top players. Certificates are sold under various brands and price points, and they are also marketed downstream by hosting companies as well as many independent re-sellers and affiliates.

For example, Symantec sells premium certificates under the Symantec brand, but also markets mid- and low-tier products under the Thawte, RapidSSL, and GeoTrust brands.

Why not take advantage of this fragmentation?

Re-sellers often market brand-name certificates at a fraction of the certificate authority’s retail price — up to 70% off. Yet, the product is functionally equivalent. How is that possible? Because the incremental cost of issuing a new, basic certificate approaches zero. The system is largely automated and scales easily. A strong re-seller negotiates in bulk, and passes some of that savings to consumers.

If you shop around, or use our cheat-sheet below, you can save quite a lot.

Another option is Let’s Encrypt. It’s an industry initiative that’s made quite an impact by offering free basic certificates. No bells and whistles, but nevertheless perfectly fine for many small businesses. A quick tip of the hat to Tecovas Boots; they did $1 million their first year in business . . . with a free Let’s Encrypt certificate.

The three kinds of SSL certificates

The primary difference between certificates is the level of validation: how thoroughly the receiving organization is vetted by the certificate issuer.

If you want to convey a high level of assurance to your users that your website does indeed belong to your organization, and that your location and other business information are entirely legitimate, you can pay the certificate issuer to review additional documentation about your business.

These are the three verification levels:

  1. Domain Verification: Simple, fast, cheap. This is what most local businesses need — a green padlock symbol and an encrypted connection. The Certificate Authority simply checks that the organization owns the domain. They do that by asking you to respond to an administrative email address, or to upload a special file to your web server. The certificate assures the website user that they are visiting the intended domain. Although this type of certificate is considered “low-assurance” since no special validation measures are taken, it’s fine for many purposes.
  2. Organization Verification: A deeper verification process, and medium assurance, at a mid-tier price. This is for businesses that conduct a significant amount of e-commerce. The Certificate Authority checks documents to confirm the business identity and location, providing additional assurance.
  3. Extended Verification: Extreme verification and top-level assurance at a top-tier price. The Certificate Authority does in-depth research on your business identity and location, including cross-checking government and independent sources, phone verification, etc.

Warranties

The various levels of validation are typically related to a warranty amount, essentially a form of insurance, should the certificate or the certificate authority be breached. Let’s Encrypt offers no warranty. Paid certificate warranties typically start at $10,000, and move up to $1,000,000 or more. Naturally, you pay for that extra warranty coverage.

Cost and recommendations

The type of certificate you need depends on what you’re doing and the structure of your website domains.

Our typical clients, service businesses that are not deep into e-commerce, should look no further than a Domain Verification SSL Certificate and someone to do the technical installation process.

If your organization has multiple domains to secure, consider a UCC/SAN certificate. For multiple subdomains, a Wildcard certificate.
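To see which validation level and coverage a certificate actually carries, the sketch below (an added example, not part of the original article) reads the dictionary that Python's ssl.SSLSocket.getpeercert() returns. The sample certificates, the helper names and the two-label domain shortcut are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timezone

def validation_level(cert):
    """Heuristic DV/OV/EV guess from the subject of a getpeercert() dict.
    The authoritative marker is the certificate's policy OID, which
    getpeercert() does not expose."""
    fields = {name for rdn in cert.get("subject", ()) for name, _ in rdn}
    if "organizationName" not in fields:
        return "DV"  # only domain control was checked
    if {"businessCategory", "serialNumber"} <= fields:
        return "EV"  # registration details appear only after extended vetting
    return "OV"

def coverage(cert):
    """Single domain, wildcard, or multi-domain, from subjectAltName."""
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if any(n.startswith("*.") for n in names):
        return "wildcard"
    # Assumption: the last two labels approximate the registered domain
    # (wrong for suffixes such as co.uk; use a public-suffix list in practice).
    domains = {".".join(n.split(".")[-2:]) for n in names}
    return "multi-domain (UCC/SAN)" if len(domains) > 1 else "single domain"

def days_left(cert, now):
    """Whole days until notAfter; a negative value means already expired."""
    ts = ssl.cert_time_to_seconds(cert["notAfter"])
    return (datetime.fromtimestamp(ts, timezone.utc) - now).days

# Constructed samples in getpeercert() layout (not taken from real sites).
NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)
DV_CERT = {"subject": ((("commonName", "example.com"),),),
           "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com")),
           "notAfter": "Mar  1 00:00:00 2030 GMT"}
OV_CERT = {"subject": ((("countryName", "US"),),
                       (("organizationName", "Example Corp"),),
                       (("commonName", "*.example.org"),)),
           "subjectAltName": (("DNS", "*.example.org"), ("DNS", "example.org")),
           "notAfter": "Jan 31 00:00:00 2030 GMT"}
EV_CERT = {"subject": ((("jurisdictionCountryName", "US"),),
                       (("businessCategory", "Private Organization"),),
                       (("serialNumber", "0000000"),),
                       (("organizationName", "Example Corp"),),
                       (("commonName", "example.net"),)),
           "subjectAltName": (("DNS", "example.net"), ("DNS", "example.com")),
           "notAfter": "Dec 31 00:00:00 2029 GMT"}

if __name__ == "__main__":
    for cert in (DV_CERT, OV_CERT, EV_CERT):
        print(validation_level(cert), coverage(cert), days_left(cert, NOW))
```

Running the same functions on the certificate of a live connection, after a verified TLS handshake, gives a quick check that what was installed matches what was ordered and how long it has before renewal.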

For the certificate itself, we recommend Let’s Encrypt. Let’s Encrypt is an industry initiative supported by Google, Cisco, Facebook, WordPress, and other leading companies. Let’s Encrypt certificates are FREE and auto-renew every 90 days. Pretty much set-it-and-forget-it. A few hosts support free certificates from Comodo, which are fine too. Call your web hosting company to find out if they offer Let’s Encrypt.

If your hosting company does not offer free certificates (maybe it’s time to change hosts?), you’ll need to pay $20 – $60 per year, more if you buy directly from certificate authorities like GlobalSign, Digicert, Symantec, etc.

Getting it Done

We offer a guaranteed service to get everything done the right way. Please keep in mind, we only convert WordPress sites at this time. Find out if your site uses WordPress.

The conversion service is offered for a flat fee of $400 (not including the certificate). Use the referral code “amigo” to get $100 off until this offer expires.
