Join the community on Facebook

Securing Your Blog with SSL

Firefox in particular does this thing where it explicitly highlights a specific website as being “unsecure” if it hasn’t had SSL implemented, so too Google Chrome’s browser, although Chrome does it less glaringly. This applies to blogs too, especially if you have some sort of input form integrated into it like a contact form.

The truth is you don’t really need to implement SSL (Secure Server Layer) protection if you’re not going to be dealing with sensitive user data like passwords, but it’s still rather off-putting for your readers to see that red notification in their browser’s address bar reporting that your site is unsecure. Audiences who aren’t too clued up about these things might be put right off and be of the belief that your blog is a security risk to them, so it’s perhaps worth implementing SSL.

As mentioned, SSL is ordinarily for the protection of data which is sent over the web, like passwords. If a malicious user compromised the input data transmission channels of your site, deploying something like a “listener,” they would otherwise be able to see the passwords input by users in plain text. SSL encrypts this kind of data to add an extra layer of security, so if you’re just running a regular blog where all you really do is publish content, then there’s ordinarily no need for SSL implementation.

Again though, it comes back to the new updates which admittedly have been around for quite a bit of time now, those of the browsers displaying the “unsecure” message.

The good news though is that SSL encryption is no longer as expensive as it used to be a mere 5-6 years ago. Actually it is still expensive, but there are more options now beyond the likes of the well-known, mainstream SSL names. In fact, with an open-source project named Let’s Encrypt, SSL encryption is now all the way free!

Since SSL is quite a technical feature to implement, for a blogger such as yourself it would be easiest to implement it from within your web hosting service provider’s control panel.

So I’m going to get just a little bit technical here, so bear with me, but it’s a necessary discussion to have.

The cPanel (control panel) provided by your web hosting service provider likely has a “Let’s Encrypt” icon as part of the additional services available alongside the core services and features, but that’s basically just an indication of the fact that it’s available. Chances are you won’t be able to implement SSL encryption from inside the cPanel without a little bit of technical knowledge – technical knowledge which should be gladly provided by your web hosting service provider in the form of some step-by-step instructions.

Ask your web host how to implement the Let’s Encrypt SSL and they should respond to you with instructions on how to create a server system file with a piece of code in it that tells the browser with which any user accesses your site to redirect to the SSL protected version of your site.