Does My Website Need a TLS/SSL Certificate?

Let’s start this post off with a quote from Harry, one of our developers.

“If domains were famous movie props, then TLS certificates would be the props’ certificates of authenticity. If somebody tries to sell you Indiana Jones’ whip with no certificate, how do you know it’s the real one?” 

Websites need a certificate of authenticity so that users, browsers, and search engines know it’s legit. This certificate is called a TLS certificate, which stands for Transport Layer Security, but what is it, what does it offer, and why is it pretty much essential nowadays? In this guide, we’ll talk all things TLS encryption to help you make an informed decision about your website’s security.

What is a TLS/SSL Certificate?

A TLS certificate, previously known as an SSL certificate, gives your website a layer of security and encryption not found on basic websites. The certificate proves the website is legitimate (authentication), scrambles the data between your device and the website for any sneaky onlookers and hackers (encryption and decryption), and ensures that data between your device and the website isn’t tampered with (integrity). 

This typically happens in less than a millisecond. Let’s break the process down:

1. You visit a website on your device.
2. Your browser, e.g. Chrome or Safari, checks for the website’s TLS certificate.
3. The website gives your browser a public key which your browser uses to encrypt the site’s data.
4. The website then uses its own private key to decrypt that data (this is called a handshake).
5. A secure session is started. Boom, done.

What’s the difference between a TLS and SSL certificate?

TLS stands for Transport Layer Security, while SSL stands for Secure Sockets Layer. They are essentially the same thing, but TSL has replaced SSL as an upgrade that fixed previous SSL vulnerabilities. Just think of TLS certificates as the bigger, better, more modern version of SSLs.

How do you know if a website has a TLS certificate?

The good news is it’s incredibly easy to tell if a site has TLS encryption. 

HTTPS

Sites with a TSL certificate will show https at the left of the URL instead of http. If you see a website with the prefix http, be aware that the site isn’t secure and it’s best you don’t enter any personal information on it.

Padlock

Many browsers will show a little locked padlock symbol next to a TLS-encrypted website.

Warnings

Some browsers will actually stop you from trying to get onto dangerous unencrypted websites. You’ll be given a warning screen instead, providing you with the details and asking if you’re sure you want to proceed. We advise you to heed the warning!

Why does my website need a TLS certificate?

Prior to October 2017, and back when it was still SSL, an SSL Certificate was only really necessary for e-commerce websites, to encrypt payment details and personal user information. The bonus for non-e-commerce sites was a little extra credibility and trust for users.

Now, however, a few things have changed. As mentioned before, Google alerts web users to the potential security risk of entering unsecured websites. Further to this, the introduction of GDPR back in May 2018 means the UK Government holds web administrators accountable for securing their customers’ data. The fines for non-compliance are pretty serious, so it’s definitely not worth the risk to leave your site unencrypted.

Https is also a direct ranking factor. It’s not much of a shock that Google trusts an encrypted website and will view it favourably when it comes to ranking it in search results pages. We all know by now that Google values trust, and a site without a TLS certificate just screams, “I can’t be trusted!” 

Plus, it can act as a serious knock to your business’s reputation; no one is going to trust your website if they’re warned away from it. It’s also worth noting that visitors will often abandon the site altogether if they’re faced with a warning, either put off by it or assuming the site is broken. This means none of your content, no matter how good it is or how much work you’ve put into it, will be seen. 

Put plainly, your website needs a TLS certificate to comply with GDPR, to have a greater chance of ranking well, to give users the security from hackers they deserve, and to ensure your content isn’t hidden behind a warning page. 

Which websites need to consider a TLS certificate?

Still not sure if you need a TLS certificate for your website? Our below guide will hopefully banish any confusion;

Your website takes payments

Certificate needed: Yes
For GDPR: Yes
For Google: Yes

If you take payments via your website, you need a TLS certificate. Unfortunately, if you have an e-commerce site or a payment gateway and you don’t have TLS encryption, you’re very late to the party.

Your TLS certificate keeps your customer card details, addresses, and email addresses safe and greatly reduces the risk of data getting stolen, which could have serious financial implications for both you and your customer.

Your website has a user log-in area

Certificate needed: Yes
For GDPR: Yes
For Google: Yes

User profiles store a good amount of personal data, including names, addresses, email addresses, passwords, dates of birth, telephone numbers, and more. If you have a user profile section within your website then you need to make sure you’re securing that data.

Your website has a contact form

Certificate needed: Yes
For GDPR: Yes
For Google: Yes

The information your customers pop into contact forms is considered personal data and falls under the UK’s GDPR rules. Google also adds warnings to contact forms on non-secure websites to alert the user to the potential risk. The ICO (Information Commissioner’s Office) has the power to issue ​​notices, warnings, reprimands, enforcement notices and administrative fines, which can be as much as £17.5 million or 4% of your annual worldwide turnover, whichever is higher, depending on the offence. So, want to avoid fines and scaring off potential leads? Upgrade to a TLS certificate, pronto.

You have none of the above but you’re interested in the SEO (Search Engine Optimisation) of your website

Certificate needed: No (advised)
For GDPR: No
For Google: No (advised)

Having a TLS certificate gives confidence to your website’s visitors that you’re thinking of their online security. A good reputation is essential! Not only that, but Google actively encourages security in web browsing and is more likely to pop you higher in search results if your site is encrypted. If you want to optimise your site for search engines, a TLS certificate is a must.

Just encrypt it!

You’ve probably guessed by now that here at Nu Image, we strongly recommend a TLS certificate for all websites, no matter their type, especially if they fall into any of our above categories. We don’t mean to sound dramatic, but lock it up or suffer the possible consequences. It’s a hard world, folks! 

“Free, secure, SEO friendly. There is literally no reason not to have one.” – fab developer Harry, again.

Ready to protect you and your site visitors? As part of our Managed Hosting package, we include TLS encryption certificates. You don’t even need a Nu Image-built website to take advantage of this service, so get in touch no matter where your site is from for safe and secure hosting with TLS encryption to boot. 

A couple of examples of sites using our Managed Hosting service are Ship Shape Bedding, expert marine mattress makers who take payments for their boat mattresses, bedding and more online. Another is Office Furniture Scene, an online furniture retailer selling office furniture from their site across the country. 

Want to join the ranks? Come on board for Hosting Management and get placed on one of our secure, safe and private virtual servers where we’ll keep you and your customers safe from hackers via TLS encryption, automated daily backups, and more. Three cheers for website data security! Call us on 01603 859007 and let’s chat.