You might have heard: we do website development among our other marketing and online presence services. As such, we spend a lot of time talking to first-time website owners about the various parts that comprise a complete website, from domain and hosting to DNS and FTP. Recently getting an SSL certificate has become a high priority for all website, new and old. We’ve had some confusion from clients separating an SSL certificate and the other website security services, wondering why one form of security isn’t enough. Seems like a great topic for a blog, so here goes.
An SSL Certificate Provides Security… To Your Visitors
The short is that SSL certificates are becoming a mandatory part of websites due to browser and search preferences, but let’s go over the key information here:
SSL stands for Secure Sockets Layer and is the gold standard for establishing an encrypted link between your website and a user. All data transferred in this connection remains private by generating cryptographic keys (a public key to verify identity, and a private key for the actual data transfer) for both the website’s server and user. To create this SSL connection, a website must have an SSL Certificate, which is issued by a Certificate Authority, which acts as a certifier that your SSL is valid. This whole process is automatic: the only thing a user will see is the green lock on their address bar.
The key takeaway from this is that this encryption helps provide secure transmission for information between you and users, but doesn’t provide any layers of security between you and hackers who want to attack your website. While SSL can help make sure hackers can’t see the information you pass to your users or you to them, it doesn’t stop them from breaking in. So, what can you do?
Security Software Provides Security… To You
While SSL provides users security when they share information with you (and you with them), it doesn’t provide security between you and those want to get into your website. If SSL is the secured telephone to your home, the website security is how secure the doors and windows of your home are. Below are some of the tools you should use to avoid a break-in of your website.
Picking a Host with Solid Security
First thing’s first: where physically is your website being hosted? Depending on who you went with, or if you’re hosting yourself, the security in place makes a big difference. Something things to keep in mind when looking for a host (or asking your current one): is your website on a dedicated or shared server? What kind of anti-virus software is installed on the server? How are they monitoring for intrusions? What are the firewall and other hardware security like? These can all give you better ideas on your hosted security.
Installing Security Features on Your Website
Of course, that’s not all you can do. We use the WordPress platform to build our websites. As the most used website platform, a lot of companies have released security measures specifically for this platform, allow you to install plugins that can do a variety of security tasks. In addition, there are third-party services that can improve security when it comes to certain types of attacks:
- Malware and Virus Detection: We use an audit-and-scan software that monitors websites for unusual activity. If viruses or malware is detected, the site is quickly cleaned.
- DDoS Attack Protection: Our software also has brute force and DDoS (Distributed Denial of Service attacks) protection to deal with internet bots. Additional services like CloudFlare can also help.
- Captcha Security: Bots can also spam comments (such as on blogs) and forms at a website that can contain malicious links or simply be a source of clutter. Captcha services help screen out botted submissions to your website.
So, hopefully this helps you understand the difference in how SSL protects information between you and your users, while website security helps keep out malicious hackers and bots. Of course, these are only two aspects of a successful website. If you’re looking for a new website or to update your current one, give us a call at Vision. Beyond website design and development, we also can help you reach out on social media, advertise online, and much more.