How SSL Works and Why You Need it

If you have a WordPress site for your business, you probably already know about its benefits, and you may have already learned the basics. But do you know how SSL works to secure your site?

In this article, I will explain what SSL is, how to identify a secure site, how SSL works, and why your website needs it.

What Is SSL?

SSL stands for Secure Sockets Layer. SSL is a standard security feature for websites that protects sensitive, personal information, such as:

  • Login information
  • Address
  • Phone number
  • Social security number
  • Credit card data

SSL Secured
SSL creates a secure, encrypted link between an Internet user’s browser and the website the browser is connecting to. Encryption means that no one other than those two parties can read the information being sent back and forth.

That way, a hacker or anyone eavesdropping on the exchange of personal information cannot read it.

SSL also uses authentication to make sure your data is sent to the right website.

Lastly, SSL assures you of data integrity, which means that no one can change the information before it gets to the intended party without being detected.

Identifying a Secure Site

You can tell that a site is SSL-secured by looking at the address bar of the website you’re on.

secure and unsecure connections
If you see a lock icon next to the website title and URL, the website is SSL-secured. The “s” after HTTP in the URL (https) also means that it is secure.

If the website title is green, it has extended validation SSL security. This means that the website has additional certification beyond basic SSL validation.

Extended validation is a great choice for e-commerce where credit card information is given. This extra layer of certification helps consumers trust the website, driving more conversions.

How SSL Works

To understand how SSL works, you need to know a little about what happens behind-the-scenes when you go to a website.

When you go to a website, your browser communicates with the web server you’re visiting. Your browser needs to make sure that the server is safe before connecting.

Remember what your mom said about not talking to strangers?

Your browser is just as wise. It has built-in safety checks to protect you from unknown and unsecured websites.

How SSL Works
When you type in a web address into your browser and hit enter, a hidden conversation between your browser and the server begins. But you’ll never hear it. Here’s what happens, in a nutshell.

  1. Your browser initiates an SSL connection to the server in what’s called a “client hello.” This is where the browser asks for the server’s credentials.
  2. The server then tells the browser that it’s safe to proceed and gives a “server hello” along with a copy of its SSL certificate.
  3. Next, the browser reviews the SSL certificate to see if it is trustworthy. If the SSL certificate has been verified by a Certificate Authority (CA), the browser can trust the website. CAs are controlled by a security organization such as Comodo, Symantec, and GoDaddy. If the site is trustworthy, the browser sends the OK to transmit data.
  4. The server then sends their OK back to the browser, establishing a secure connection.
  5. At this point, trust is established, and they can exchange information.

Who Needs an SSL Certificate?

So, now that we know how SSL works, how do you know if you need it?

Let’s discuss when SSL certification is required, and when it’s highly recommended.

1. The Payment Card Industry Data Security Standard requires all e-commerce sites to have SSL. This includes email, banks, and social networks. This regulation is called PCI Compliance.

2. If your website requires login information with a username and password, you should have an SSL certificate. This ensures that your users’ private information is safe.

3. If users submit personal identifiable information (PII) on your website, you should have SSL encryption. PII includes phone numbers, addresses, and social security numbers. SSL keeps your user’s information secure.

If your website has fields asking for these three types of confidential information, you should have SSL protection. This ensures that site visitors will see the green lock icon next to your URL, so they know they can trust your site.

Web sites running on Firefox (version 51) will not have the green lock icon if they ask for sensitive information without SSL protection. Instead, they will have a gray lock with a red slash through it. Similarly, Chrome browsers (version 56) will have gray text that says “Not Secure.”

These warnings can erode your visitors’ trust.

Will I Need SSL?

Now, let’s say your website doesn’t ask for any sensitive information. Should you still get SSL protection?

Yes. This is because in future Chrome updates, all websites that lack SSL certification (ones that say HTTP rather than HTTPS) will be labeled “Not Secure” with a red triangle that has an exclamation point (!) in it. Even sites without fields for sensitive information will warn the user that the site is not safe.

This could drive visitors away from your site. Even though you may not need SSL encryption on your site, many visitors will feel unsafe, and they may leave your page.

For this reason, it’s wise to get SSL protection if you don’t already have it, even if your site is benign. Plus, you’ll get a search ranking boost from Google for having it.

If you want SSL certification, but you’re turned off by the price, you might consider a company like Let’s Encrypt. They offer free certification.


To sum up, SSL is a standard certification that provides encryption, data integrity, and authentication for business websites. It protects your customers’ PPI and your reputation.

You can tell that a site has SSL protection by looking for the “https” in its URL and the lock icon. Extended validation sites have green in the address bar.

When a browser tries to connect to a server, it initiates an SSL conversation to make sure the site is trustworthy. If a Certificate Authority has verified the site, it passes the security check. The parties can then safely exchange personal information.

All business websites should have SSL certification. If your website sells items, requests login information, or asks for personal information, you need SSL certification. This helps your customers trust your brand, and it boosts your placement on Google Search.

If your site only has content, such as a blog, it’s still wise to get certified. That way your site isn’t flagged as “Not Secure” by future versions of Chrome.

I hope this post has helped you understand how SSL works and why your website needs it. If you have any questions or feedback, feel free to post a comment below.

Question: Have questions or just want to say Hi? You can leave a comment by clicking here.

Until next time……


Selma is a passionate creator who continues to branch out and explore new artistic endeavors. She is a Web Developer and Internet Marketer. She was an early online entrepreneur, who launched her web design company in 1996, and she has been working solely online since 2004. She is a proud mom of 5, who calls the picturesque Iceland home. Her versatile interests also include Songwriting, Electronics Technician, and she is a published Children’s Book Author.

Please note: I reserve the right to delete comments that are offensive or off-topic.

Leave a Reply

Your email address will not be published. Required fields are marked *

8 thoughts on “How SSL Works and Why You Need it

  1. Previously I thought only sites that sold items needed an SSL, but I have since learned they are important for any site that is on the internet. Your post is a great resource for those wondering if they need to get one, and why. Great information!

  2. I never really knew the importance of the SSL Certificate until recently. Reading this post was very helpful and informative. I will absolutely be doing this on my new blog. Thanks so much!!

  3. Very nice explanation about SSL, it covers the why and how without getting into too much techie talk.

    I also like the look of the page with the bio block at the end of the article 🙂

  4. Hi Selma thanks for this really helpful post.
    SSL has always been a bit of a mystery to me particularly why some sites have a green padlock but I never seem to get past the grey version. Now it is much clearer.
    Looks like I need to do something better than use a free option like Let’s Encrypt.

    And your information is also timely because I have just had 4 emails saying that my SSL certificates for a few simple websites all expire on 30 December. Presumably because they were all issued 12 months ago by Let’s Encrypt.