Arantor
Legendary member
VIP Rocketeer
Bronze Member
1-Year Membership
Posting Machine
Content Creator
So, SSL means the connection between a user's computer and your site is encrypted. Why does that matter?
1. Google, Bing etc. will all penalise you if you're not HTTPS. That alone should be motivation for anyone looking to build an audience.
2. It's not just about running a store or taking payment: if you are not using HTTPS, literally everyone on the network between a user and the server can see all the traffic, unencrypted. That means anyone in range of you while on wifi, that means anyone in range of you on cellular. That means everyone between the user and the server and the average jumps through 12-30 servers to get from user to server. That also means user logins are entirely harvestable by anyone on the same network, often the same datacentre. We know there are bots sat on the bigger VPS providers just scanning for traffic they can harvest. SSL deals with it.
3. SSL is available for free through Let's Encrypt. Set it and forget it, it automatically renews every 90 days without you having to do a thing. If your host doesn't offer it, they're very likely scamming you (or, you're on a VPS or better and likely have the tools to set it up yourself equally for free)
Incidentally, it's also a measure of protection (not entirely, but it's more than nothing) that the content wasn't tampered with along the way. SSL mostly meant the end of forum hosts injecting ads into your site's code without ability to do anything about it because the SSL prevented them from doing it.
We're coming up on 5 years of Google, makers of the most popular browser on earth, literally telling users that non-HTTPS site owners don't care enough about security to take basic precautions against hacking and tampering. I'm pretty sure this is going to become illegal in the EU before long for any site that accepts user logins from general users without HTTPS because it violates the data protection rules for protecting users.
There was a time it was acceptable to not worry too hard about HTTPS, but that was the old web. The new web is infinitely more frightening. Infinitely more rewarding too, but one must take proper precautions.
1. Google, Bing etc. will all penalise you if you're not HTTPS. That alone should be motivation for anyone looking to build an audience.
2. It's not just about running a store or taking payment: if you are not using HTTPS, literally everyone on the network between a user and the server can see all the traffic, unencrypted. That means anyone in range of you while on wifi, that means anyone in range of you on cellular. That means everyone between the user and the server and the average jumps through 12-30 servers to get from user to server. That also means user logins are entirely harvestable by anyone on the same network, often the same datacentre. We know there are bots sat on the bigger VPS providers just scanning for traffic they can harvest. SSL deals with it.
3. SSL is available for free through Let's Encrypt. Set it and forget it, it automatically renews every 90 days without you having to do a thing. If your host doesn't offer it, they're very likely scamming you (or, you're on a VPS or better and likely have the tools to set it up yourself equally for free)
Incidentally, it's also a measure of protection (not entirely, but it's more than nothing) that the content wasn't tampered with along the way. SSL mostly meant the end of forum hosts injecting ads into your site's code without ability to do anything about it because the SSL prevented them from doing it.
We're coming up on 5 years of Google, makers of the most popular browser on earth, literally telling users that non-HTTPS site owners don't care enough about security to take basic precautions against hacking and tampering. I'm pretty sure this is going to become illegal in the EU before long for any site that accepts user logins from general users without HTTPS because it violates the data protection rules for protecting users.
There was a time it was acceptable to not worry too hard about HTTPS, but that was the old web. The new web is infinitely more frightening. Infinitely more rewarding too, but one must take proper precautions.
Welcome to Admin Junkies