Instead of doing daily tech tips, I’m going to be doing one per week, probably on Tuesday’s.
So, here’s your Tech Tuesday: Your weekly design/dev tip
If you’re going to be collecting ANY customer data – name, address, email, credit card information, payment details – you need an SSL certificate.
SSL stands for Secure Socket Layer – an internet protocol for securing data transfer between a user’s computer and the website they’re visiting. This includes data like usernames, passwords, payment details, and more.
An SSL also ‘certifies’ that your website is authentic and not a phishing attempt or an unapproved copy.
Now, a lot of hosting companies include SSL certificates these days and it’s simply a matter of enabling it in your account, but some hosts don’t which means you will need to get one yourself.
Why is this important?
The standard internet protocol (HTTP) doesn’t encrypt the data between your site and the user’s computer which can allow hackers access to any and all information on your site. An SSL encrypts all the data between the user and your website, making it much harder for hackers to gain access to sensitive info.
Most online payment services require an SSL on your site before you can receive payments. Google also recommends using SSL and sites that do, seem to land slightly higher in search engine results.
If your hosting service doesn’t provide an SSL, you can get a free one through Let’s Encrypt, Cloudflare or others. It can be tricky to get it installed, though but most services will guide you through the setup process.
There are also several SSL plugins for WordPress you can use as well, though I prefer not to use a plugin to handle it. (We’ll talk about plugin related stuff another time.)
You can always hire someone to help you install the certificate if you’re unsure how to do it yourself or don’t have the time or inclination. A pro can usually get something like this installed and setup for you pretty quickly.
I highly recommend adding SSL to your site, even if you don’t accept payments. It can help prevent phishing attacks, build trust with your audience, and maintain PCI compliance – which is really beneficial should you decide to add e-commerce to your site or collect sensitive data from your users later on down the line.
The bottom line is that SSL is beneficial whether you accept payments on your site or not.