By Cal Evans, Developer and SiteGround Ambassador
Data security is essential for every person who uses the Internet, but if you have your own site, the stakes are even higher. If your site isn’t encrypted, not only will your SEO suffer, but you put yourself and your site visitors at risk.
There are two types of secure certificates, free ones that you create yourself, and then have them signed by a trusted authority or the ones you purchase or get directly from an SSL store or your web hosting provider. No matter the size of your audience or the type of site you run, you’ll want to ensure that your data is encrypted. Mostly, anything you wouldn’t tell a stranger should be protected this way.
Having that padlock symbol next to your domain not only builds trust with your visitors but protects their personal data from attack. The key to deciding how to procure that certificate is to determine what benefits you need most from having one.
So how do you know if you need to purchase a secure certificate or use a self-signed one? Each offers its own unique benefits – security, support, and validation.
Paid secure certificates primarily offer two things, validation, and support. Validation that Google will not diminish your SEO and that customers will know that your site is trustworthy. Support from your certificate provider throughout the process of obtaining and maintaining the certificate. The more support and validation you are looking for, the higher the cost of the certificate will be. Buying an SSL certificate guarantees that the certificate will work with 99 percent of browsers, ensures the site is HIPAA and PCI compliant, offers a lifetime of reissues, and provides 24/7 support. These considerations are key for sites that handle large medical and financial information.
Using a self-signed certificate, on the other hand, can be a daunting task for less tech-savvy individuals. Most developers working in special cases use self-signed certificates. Also, the authority that they are signed by is VERY important. It has to be signed by an entity that has its root certificate ALREADY embedded in a browser. This is how the browsers recognize a certificate as valid. Unless self-signed certs are signed by a trusted authority, they will ALWAYS throw a warning to the user asking them if they want to continue. That’s why self-signed certificates are not recommended for the general public, even low-traffic/low-risk sites.
LetsEncrypt certificates are the middle ground that solves the dilemma of a paid vs. self-signed certificate easily and freely for everyone. SiteGround – and many other reputable web hosts – now give users the option to install a LetsEncrypt cert directly from the admin portal with a single click.
It’s worth noting; the ability to create a certificate and have it signed by a trusted authority is key in ushering in the era of eCommerce. The opportunity to sell products to visitors easily and securely encouraged more business owners to jump into the industry.
Whether you’re a master coder or a novice blogger, the right security certificate is out there for you. When you prioritize the data security of your site and your audience, you will provide not only a better customer experience but a safer Internet for all.
For more detailed information about the types of SSL certificates, you can check out the Geek2English podcast episode on SSLs.
About the Author
Cal Evans, Developer and SiteGround Ambassador. For the past 15 years, Cal has worked with PHP and MySQL on Linux, OSX, and Windows. He has built a variety of projects ranging in size from simple web pages to multi-million-dollar web applications. He enjoys building and managing development teams using his widely imitated but never patented management style of “management by wandering around”. He is currently a member of the SiteGround Ambassadors program and in addition to building and managing dev teams enjoys speaking at conferences on various topics. Cal can be reached at www.linkedin.com/company/siteground-web-hosting-company/.