Thank You, Let’s Encrypt, for Making the Web Safer in 2016
We all like to feel safe and secure.
Especially in a world paranoid about identity theft and online fraud.
We’re told to browse the internet with a suspicious mind and warned to be extra vigilant with our actions.
So we keep an eye out for a green https:// prefix to a given URL which acts a trust signal telling us that the website we’re browsing is secure, protected from the threat of cyber criminals.
This is thanks to a Secure Socket Layer, less formally dubbed SSL, which is quickly becoming a web development standard thanks to Let’s Encrypt, the driving force behind the explosion of SSL’s adoption in 2016.
We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web. https://letsencrypt.org/about/
What does SSL actually do?
Why haven’t we been using SSL?
SSL has been around for donkey’s years (since 1994) but up until recently it was mainly used by eCommerce sites and over-zealous web designers out to earn an extra buck, whether the site actually needed it or not…
One reason for SSL’s lack of popularity was because it usually spelt hassle, served with an added side of extra-cost for clients (on top of hosting).
Plus the certificates were a bit time-consuming and cumbersome to install (something about public keys?), a stretch beyond the capabilities of everyday WordPress users, which meant it usually required the technical savvy which teeters around the web admin level of intellect in order to get the job done.
This ‘inconvenience’ meant the average website or blog was served via http by default; unencrypted and unsafe. We’ve all been there.
How has Let’s Encrypt changed things?
Since Let’s Encrypt officially launched in May 2016, figures suggest a staggering 10+ million active certificates at the time of writing (that’s more than the population of Sweden!).
With Let’s Encrypt, installing SSL certificates has become a more automated process, completely free and, dare I say it, simple! You can find lots of useful information about how to install and SSL certificate using Let’s Encrypt here.
Should we all be using SSL?
I’m beginning to think yes, we should.
Granted that if you’re an average WordPress user who just wants to spin up a new site with a few pages, you could argue against need for SSL and we won’t chastise you for that (just yet).
But with many WP hosts now offering free SSL you don’t even need to lift a finger, your user login details will be encrypted, your website visitors will trust your site more and Google may even give you a bit of love too – which could mean better search rankings. Win win.
This rapid shift towards encrypted sites has changed our perceptions and SSL is quickly becoming ‘the norm’. We’re starting to expect it.
So whilst it can’t be said for sure that the web is categorically a safer place now, it sure does feel like it and with everyday people talking more about web security and Let’s Encrypt doing its best to make SSL more accessible, things seem to be heading firmly in the right direction.
What do you think?