You may have noticed that when you visit the websites of banks, social networking sites or some companies, a green padlock is displayed next to the website address. The web browser thus informs its users that it is communicating with the server via a secure connection. In practice, this means that all data travelling from the server to the computer and back, i.e. from the computer to the server on which the visited website is located, cannot be read by anyone who does not have the key.
When ordering a transfer or writing a message in a messenger, you send a sequence of private information to the server, addressing it to a specific person or institution. You do not want such data to be publicly available. Your bank passwords, account numbers or a gift ordered in secret from the recipient are all “important”, “valuable” and “private”.
Companies that base their business on mass data processing know this perfectly well, so encrypted connections are normal in this case. If you have a private blog or a small business site, you’re probably not worried about SSL certificates, encryption and the green padlock. Even if you understand the difference between a secure and a regular connection, investing a few extra dollars a year in an SSL certificate for a domain may have seemed unnecessary.
After all, I am not a bank, nobody creates accounts on my website, and in the contact form customers do not provide confidential information. Why do I need a certificate?
Until recently, the presence of a green padlock next to a website address was in many cases only a negligible addition. Over time, browsers have learned to inform their users that they are not using secure connections.
For example, starting from version 52, Firefox adds a notice below the login field that the connection is not secure and can result in password theft. You may not be selling online on your website or exposing users to data leakage, but if you have a content management system (e.g. WordPress), you log in with your login and password. If the connection is not encrypted, both the login and the password are sent to the server in plain text.
Let them break in, I have nothing important there, at most I’ll restore the backup I made a month ago.
Think, however, what if you use the same password in your mailbox or social media? This is a very common practice for people who do not use password managers and is quite likely to be the case for you as well.
Google Chrome, currently the most popular web browser and used by 60% of Internet users, will, starting from version 68, inform users about an unsecured connection after they enter a page without encryption. On the address bar, in place of the green padlock, the information “Insecure” will be displayed.
The word “Unsecured” accompanied by the website address is not a good recommendation and may give the impression that the website owner does not take their visitors seriously. It would be a pity if the money spent on a great website design and professionally prepared marketing texts were lost because the visitor leaves feeling unsafe.
The message “Unsecured” simply refers to the lack of encryption during the data transmission. However, it is risky to assume that the reader has the technical knowledge to objectively assess the degree of risk. I have the impression that many people are much more likely to interpret this message as “Dangerous”, which will certainly not encourage them to stay on the site.
In fact, we can protect the page without spending money on an SSL certificate. It is enough to use hosting that cooperates with the Let’s Encrypt platform, which offers free certificates that are generated and renewed automatically every three months. A Let’s Encrypt certificate is a full-fledged Domain Validation certificate and in practice does not differ from commercial certificates of the same level (DV).
Ask your hosting provider if it allows you to generate Let’s Encrypt certificates for your account and, if possible, switch your website to encrypted traffic today. With an appropriate configuration of redirections from unencrypted to encrypted traffic, such a solution is free from defects and risk. You won’t lose your position in Google (in practice you’ll probably find it a few places higher in ranking), and all external services connected to the site should work without any modifications (reCaptcha, Analytics, Facebook Pixel, etc.).
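One way to check the redirect configuration mentioned above, as an added example that is not part of the original article: the function audits a recorded redirect chain, assuming that an appropriate configuration means permanent (301/308) redirects that end on HTTPS, never drop back to HTTP and keep the path and query string. The example.com chains are constructed sample data.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT = {301, 302, 303, 307, 308}
PERMANENT = {301, 308}  # assumption: "appropriate" means a permanent redirect


def audit_redirect_chain(hops):
    """Audit an http -> https redirect chain.

    hops: list of (requested_url, status, location_header_or_None) in the
    order the responses were received. Returns a list of findings; an empty
    list means the chain matches the assumptions stated above.
    """
    findings = []
    start = urlsplit(hops[0][0])
    on_https = False
    for i, (url, status, location) in enumerate(hops):
        here = urlsplit(url)
        if here.scheme == "https":
            on_https = True
        elif on_https:
            findings.append(f"hop {i}: downgrade from https back to {url}")
        if status in REDIRECT:
            if not location:
                findings.append(f"hop {i}: redirect without a Location header")
            elif status not in PERMANENT:
                findings.append(f"hop {i}: temporary redirect ({status})")
        elif here.scheme != "https":
            findings.append(f"hop {i}: {status} response served over plain http")
    last_url, last_status, last_location = hops[-1]
    if last_status in REDIRECT and last_location:
        last_url = urljoin(last_url, last_location)  # recording was cut short
    end = urlsplit(last_url)
    if end.scheme != "https":
        findings.append("chain does not end on https")
    if (end.path or "/", end.query) != (start.path or "/", start.query):
        findings.append("path or query string lost on the way")
    return findings


# Constructed sample chains (not captured from a real site).
GOOD = [("http://example.com/blog?p=7", 301, "https://example.com/blog?p=7"),
        ("https://example.com/blog?p=7", 200, None)]
BAD = [("http://example.com/blog?p=7", 302, "https://example.com/"),
       ("https://example.com/", 200, None)]
NO_REDIRECT = [("http://example.com/wp-login.php", 200, None)]

if __name__ == "__main__":
    for name, chain in (("good", GOOD), ("bad", BAD), ("none", NO_REDIRECT)):
        print(name, audit_redirect_chain(chain) or "ok")
```

The hop tuples can be filled in from the output of any HTTP client that shows each response's status and Location header.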
Cloudflare is a global, distributed content delivery network (CDN). It’s a solution that allows your website content to be loaded from the CDN server closest to the visitor. CDN servers are not limited to images; they can also cache most of the items on your site, so your site will open quickly wherever your users are located.
Of course, Cloudflare has premium plans, but it also has a free plan that is available to everyone. For some time now, also in the free version, domains configured in Cloudflare have been able to use full SSL encryption. It is an alternative solution to Let’s Encrypt certificates, offering an additional layer of security (e.g. protection against DDoS attacks) and accelerating page loading – especially if we have many visits from abroad.
In practice, Cloudflare works like a distributed DNS system – in order to use it, we need to redirect the domain to Cloudflare servers. The entire optimization of content delivery is automatic and does not require any advanced configuration on our part. This is a very elegant solution, especially for companies without a budget for dedicated CDN systems.
The number of service providers that support Let’s Encrypt is increasing from month to month. However, there are still few that can offer integration with the Cloudflare API that allows remote purging of the CDN cache or automatic configuration of subdomains.
If you are looking for the optimal solution for your website (or multiple sites at once), learn more about dhosting. They provide:
I use dhosting services myself and I recommend it to my clients with success.
Yes, it takes time for your data to be encrypted and decrypted. In practice, however, this is unnoticeable to users, and the benefits of implementing an HTTPS connection can paradoxically contribute to faster loading of pages.
When encryption is activated, you can use HTTP/2 technology to transfer data. This protocol introduces a number of optimizations to the whole process of “server-client” communication, contributing to shortening the time needed for displaying the website.
It is also worth remembering that Google favors sites using encrypted traffic in search results and this is an additional argument in favour of switching the site to HTTPS.
Consider implementing an SSL certificate for your website. This is not an expensive task – many hosting companies offer free Let’s Encrypt certificates, and in other cases you can manually redirect traffic over Cloudflare to get a secure connection.
In the context of the upcoming changes in web browsers, the lack of encryption may be a significant barrier in the process of building trust in the brand. The word “unsecured” accompanying the address is unlikely to encourage you to read the website.
It is worth remembering that as a consequence of the widespread use of encryption, awareness among Internet users has also increased. People begin to recognize and anticipate the green padlock in the address bar. In extreme cases, not having a certificate may mean that our content will not reach the users at all – they will flee from our site out of fear of an unsecured connection.