The above diagram illustrates what Google Chrome says. In this case it says our website is secured. What Google Chrome really should say is the website is encrypted or not encrypted. It is worth noting that Chrome is not the only application that takes this approach. Many virus checkers and security products will actually block access to non encrypted websites.
The reasons a website is not always secured when you have a SSL certificate are as follows:
- You might be using a week administrators password which would comprimise your website.
- You might have out of date plugins in your WordPress backend.
- The theme you are using is not up to date.
- The version of WordPress you are using is not up to date and current.
- We recommend using a security plugin to help secure your website.
- On shared hosting, your webhost does not secure the servers on their end to stop DDOS attacks.
- Your website has malware on it. This is still possible even though you have an SSL certificate.
This is why we do not like the terminology secured/not secured. This is giving webmaster a false sense of security.
Tommorow we will post on how we secure and protect our WordPress sites. Please continue reading and share a comment in the box below. Also, please share this blog post so we can explain to web site owners what SSL really means.