Why You Need an SSL Certificate for Your Website
No matter how big or small your company is, it’s important to have a secure website. You’ve probably read about data and website security and the rise of online fraud, from phishing breaches to data scams, and other serious hacks. Whether you’ve heard troubling stories about hackers accessing sensitive information or just want to add an extra layer of security to your website, a Secure Sockets Layer (SSL) and HTTPS, the secure version of HTTP, are essential for maintaining data privacy.
According to a GlobalSign survey, a whopping 84% of users would abandon a purchase if data was sent over an insecure connection, which is a clear indicator that website security is a major factor that could impact online sales. For a tour and activity operator who takes online bookings, website security and consumer confidence are hugely important!
After reading this guide, you’ll understand why adding SSL and HTTPS to your website is so important and how you can do this in just a few simple steps.
What are SSL and HTTPS?
SSL, or Secure Sockets Layer, is a form of security technology that ensures that the data passing between a web server and your internet browser remains private. SSL protects sensitive information such as users’ credit card information and any personal information such as social security numbers they choose to share with the website.
You may have noticed from different websites you’ve visited that some URLs start with HTTP while others begin with HTTPS. That “S” stands for secure encryption, which is only guaranteed with an SSL certificate. HTTPS is the secure version of HTTP and ensures that any communication being sent online is secured by the SSL connection and other tools, like CloudFlare.
Even if you haven’t paid much attention to HTTPS or SSL while surfing the web, these days the average web user is familiar with online fraud and knows to look for an HTTPS when considering whether or not to trust a particular website with their personal information. Google and other search engines have also started to flag websites without an HTTPS as “potentially not secure” and warn people before taking them to the site. Many searchers navigate away when they see this warning message from Google. This is just one of the many reasons to make sure your site has SSL.
How do I know if my website has SSL or HTTPS?
Wondering if your website already has SSL? It’s easy to find out! Enter your URL and look for the https:// prefix and the lock icon in the browser window.
If you don’t see that lock icon, don’t worry. By the end of this guide you’ll be able to add an SSL certificate and HTTPS to your site and have the peace of mind that your data is protected.
Does FareHarbor use SSL?
Yes! We’ve put an emphasis on secure communication between you, your customers, and FareHarbor since the beginning. When a customer makes a booking using our online checkout process, they will always see the Securely Encrypted badge, letting them know their booking has been securely encrypted over SSL and their information is safe.
While all online bookings are encrypted through our software, and your customers’ booking and credit card information is secure, other website elements may still be vulnerable to hackers. This is one of the many reasons you should add SSL to your website!
Why do I really need SSL?
It’s more secure: Protect users’ sensitive information from phishing attacks, scams, and tracking and protect your own website from hackers and attacks.
It establishes customer trust: When you go without SSL, your visitors will see a Not Secure warning when visiting your website.
Would you send money or information through a site marked Not Secure? Probably not. And your customers won’t either. This type of warning makes people wary, and if your website is flagged as “Not Secure” your potential customers are likely to leave before even looking at your tours or activities. The HTTPS and lock symbol indicate to potential customers that you take your security — and business — seriously.
It’s a ranking factor: Google is very serious about its browser security, and that extends to your website as well. Apart from using the Not Secure warning on HTTP sites, Google’s future standards will rank HTTPS sites more favorably than those without SSL, and HTTPS has been a factor in Google’s ranking algorithm since 2014.
So, how do I get SSL and HTTPS for my website?
Even though the FareHarbor booking process is securely encrypted, we still recommend adding SSL to the rest of your website and moving to HTTPS to increase trust for both search engines and customers.
SSL can usually be added by your web developer or through your hosting management for a minimal yearly fee. To find out if your hosting provider offers HTTPS, check out the full list of hosting providers on the Certbot tool, a free open source software for enabling HTTPS.
If your provider does not offer HTTPS, you can use Certbot to get a security certificate on your website. Certbot may be the right choice for you if you have an HTTP website that’s already online and administered via a dedicated server, virtual private server, or cloud-hosted server. See if Certbot is right for you and learn how to use it.
We’ll also go over how to add SSL to some of the more common hosting platforms.
WordPress: WordPress.org is a Content Management System that requires you to host your website on another server. If you use a hosting provider like GoDaddy or BlueHost, check with them to see what options they offer for adding SSL. Otherwise, you can add SSL with CloudFlare. More on that later.
WordPress.com is a free hosting platform, allowing you to host your website with your own domain name directly on WordPress. HTTPS is included for all websites hosted on WordPress.com.
Self-hosted websites: Self-hosted websites mean that you have complete control over your site content as well as the server it’s hosted on. If you have a self-hosted website, you should purchase an SSL certificate on your own server. To do this, it’s best to check with whoever is already familiar with your setup, like a web developer or administrator. This is the quickest way to determine how to add SSL in this case.
Web hosting providers (BlueHost, GoDaddy, Hostgator, etc.): Hosting providers offer server space that you can lease or own for hosting your website. Review what SSL options are available to you through your current provider and plan, as many providers can enable SSL for you. Some even offer it for free with certain plans. If your provider doesn’t offer SSL, they likely partner with a service, like CloudFlare, that does.
Website builders (Wix, Squarespace, Weebly, etc.): Website builders allow you to build websites without manually writing code, making them a popular option for people who don’t know how to write code. However, most website builders only provide SSL on their own checkout or e-commerce pages.
Many of these builders do not have the capability to install SSL certificates from a third party. Some platforms like Wix provide SSL for you, so make sure to choose a website builder that offers this option.
Adding SSL with CloudFlare
If your current setup does not include SSL, you can purchase an SSL certificate from a third party and install it on your server.
We recommend getting your certificate from CloudFlare, a trusted security and web performance service that offers several options for SSL.
Start by creating a free CloudFlare account.
Once you’re logged in, you’ll be able to browse several SSL options. We recommend selecting either Full SSL or Flexible SSL.
Full SSL requires an SSL certificate to be installed on your server and offers full security on your website. The install process varies depending on your hosting service, but it is fairly technical, so we don’t recommend attempting it by yourself unless you have prior experience. Get in touch with your hosting service or consult your web developer to install SSL.
Flexible SSL does not require you to install an SSL certificate and provides a basic level of security while enabling HTTPS, which displays the lock symbol on your website. The flexible option encrypts traffic from CloudFlare to your end users, but does not encrypt traffic from CloudFlare to your origin server. It may not be as secure as other options, but it does protect your website against threats like ad injection over HTTP and snooping on public WiFi.
Redirecting your website to HTTPS
Once you’ve installed your SSL certificate, you need to make sure your website is directing all HTTP requests to HTTPS, triggering the lock symbol in your browser. Do this by enabling the Always Use HTTPS feature in the CloudFlare Crypto app.
You also need to make sure that all of your website assets such as links and images are loaded over HTTPS. Do this by enabling the Automatic HTTPS Rewrites option on CloudFlare.
Confirm that everything is working correctly by typing https://[yourwebsitename].com in the browser, and be sure to include the “s” at the end of “http.” Check that your website loads successfully with a lock symbol next to the URL.
Now that you know about the dangers of having a non-secure site, we’re sure you want to add SSL right away. Contact your developer or website hosting company to see what options are available to you.