But there’s some confusion among what this means, because many people believe that having an SSL on their site means their site is secure. Not so fast! Guess what? Even with an SSL, your site can be hacked. An SSL won’t protect your site from being hacked.
When you look at a website online, you are using your web browser to view a website that is actually stored somewhere else, on another server. To view it, you connect through sometimes many servers to reach that server and view that site. That’s where the phase World Wide Web came from. If a site is not encrypted, then it’s possible that any information you submit on that website could be exploited during transfer from your computer/web browser to the server computer. When you submit a form, then that information could be intercepted. If you buy something with a credit card, then that credit card number could be intercepted. If a website is encrypted, that just encrypts the data as it passes between networks, meaning that your credit card information and your personal data are safe while being transferred between the two machines.
An SSL won’t stop someone from hacking your website.
Here are a few things and SSL doesn’t do:
It will not thwart a brute force attack, meaning someone can still attempt to gain entry to your site via password.
Installing SSL won’t stop someone from uploading malicious files once they have gained access.
Having SSL Security on your website won’t stop anyone from gaining access via insecure or outdated plugins or software.
Anyone will still attempt hacking into your control panel of your web host even if you have SSL installed.
There’s a false sense of security when you install an SSL, thinking you can never be subject to a hack, and this is simply not true. SSL only encrypts the data in transfer. It won’t stop someone from breaking into your site and once they get in, they can cause all kinds of havoc.
What does this mean for me?
It means you still need to use very strong passwords, keep your software up to date, and use trusted plugins as well as go through all the necessary protocols for securing your site.
If I don’t sell anything, do I need an SSL?
Well, yes and no. Technically, the answer is no. You don’t. However, it IS a ranking factor for Google. Google wants you to encrypt and they are making it more and more important to do. WordPress is pushing for encryption.
There are other benefits too. People are more likely to submit your forms and trust you if you have your site encrypted.
In the end, SSL encryption is good, and I am recommending it to all my clients. But don’t mistake that for website security. Both are important.