One of the things that is causing great confussion is people who think that having an SSL certificate means that their website is secure. This is so not the case and one that we need to explain why it’s not the case.
SSL means Secured Socket Layer. What this really means is that the traffic from the user of the website to the website itself is encrypted. Encryption does not gurantee that a website is secured. Let us explain why in more detail below.
The above diagram illustrates what Google Chrome says. In this case it says our website is secured. What Google Chrome really should say is the website is encrypted or not encrypted. It is worth noting that Chrome is not the only application that takes this approach. Many virus checkers and security products will actually block access to non encrypted websites.
The reasons a website is not always secured when you have a SSL certificate are as follows:
- You might be using a week administrators password which would comprimise your website.
- You might have out of date plugins in your WordPress backend.
- The theme you are using is not up to date.
- The version of WordPress you are using is not up to date and current.
- We recommend using a security plugin to help secure your website.
- On shared hosting, your webhost does not secure the servers on their end to stop DDOS attacks.
- Your website has malware on it. This is still possible even though you have an SSL certificate.
This is why we do not like the terminology secured/not secured. This is giving webmaster a false sense of security.
Tommorow we will post on how we secure and protect our WordPress sites. Please continue reading and share a comment in the box below. Also, please share this blog post so we can explain to web site owners what SSL really means.