Why SSL does NOT mean your website is secure

WordPress SSL

Is that news to you? If it is you really MUST read this.

I’ll keep it short and sweet and keep technical jargon to an absolute minimum.

You need an SSL certificate but it really does not mean your website is secure. Let me explain…


Cryptographic protocols: Secure Sockets Layer (SSL) certificate, and it’s successor Transport Layer Security (TLS) allow secure communications over the internet. You can see in the address bar of this site, the green SECURE and lock which tells you that you are where you are supposed to be and that no one can snoop or tamper with your communications on this site.

SSL/TLS certificates ensure a secure connection. That’s it.

They do not ‘secure’ your website.

SSL/TLS certificates are issued by a Certificate Authority (CA) and are stringently verified against the owner of the website to which they are issued. When you connect to a site with a certificate the browser goes through a series of checks to make sure that all is present and correct. Assuming that it is then you are granted a connection.

Filed under: Data encryption, GDPR, WordPress best practice, WordPress security