Cybersecurity and web security are two things that cannot be taken for granted anymore. For any modern business that is utilizing the power of the web to expand itself, web security should be among the topmost priorities. And when it comes to web security, SSL security is among the most important things for any website. If your site is not protected by SSL, then not only you are at a much higher risk of being hacked but also the data of your visitors (i.e. usernames, passwords, etc.) at the risk of being stolen.
Now, if you already know this fact and started searching for SSL certificates, you might have heard the suggestion of choosing a shared SSL certificate. But is that the right choice? Should you opt for a shared or a private SSL certificate? These are the questions we are going to answer for you in this article. Let us begin with a brief introduction of SSL certificates, which you can skip if you know about it already.
What is an SSL certificate?
A good quality SSL certificate (i.e. Comodo SSL certificate) is basically a validation of your business identity issued in a digital format. It is issued by a trusted certifying authority (CA) in the name of your business, and once installed on your server it makes your website load over secure HTTPS protocol instead of the default HTTP protocol. The result of your site loading over HTTPS protocol is that all data being transferred between your visitors and your server is encrypted before being sent by the browser or server, and no one can spoof your business identity on a similar-looking domain as they won’t get an SSL certificate in the name of your business. This serves two purposes:
It gives your visitors an easy way of checking whether they are dealing with your official website or a cloned version of your website.
Secures all data being sent between your server and their device with help of encryption, thus protecting it from the prying eyes of hackers who may want to steal it by capturing data packets.
Now, SSL certificates come in two options: Shared or Private. With this basic overview in mind, now we will look on what each of these certificates means and what you get with them.
How to Create A WordPress BuddyPress Intranet Website
Shared SSL certificate
A shared SSL certificate is one that is installed on the server and protects all domains hosted on that server. So, for example, if a shared SSL certificate is installed by your web host on its server, it will protect not only your site but also all other sites besides yours that are hosted on the server. It does not cost you anything, and it provides the same level of protection that any DV SSL certificate would provide. The problem with it, however, is that it protects your domain as if protecting a subdomain, which means that your URL, when protected with it, shows not as http://yourdomain.com but as https://yourusername.hostname.com. It may load as yourdomain.com when loaded over the default HTTP protocol (if you’ve not forced the loading of your site over SSL by creating redirects), but whenever it has to load over HTTPS it’ll load as yourusername.yourhost.com only. There are a few consequences of it:
- First, if any of your visitors see your URL converting from http://yourdomain.com to https://yourusername.hostname.com then it may scare them off.
- Secondly, you cannot set up payment gateways or secure login pages with this kind of certificate.
- Third, if your host’s SSL is compromised due to any mistake or misconfiguration on their part, all domains protected with it are compromised, including yours.
- Fourth, the green SSL padlock does not show the name of your company as the certificate has not been issued in your company’s name but in the name of your host.
- Fifth, it exposes your cPanel’s username, thus creating a major loophole in the security of your site.That is all about Shared SSL certificates. Not a bad deal since they are free of cost. With that in mind, now let us look at the private SSL certificates.
Private SSL certificate
A private SSL certificate, as its name suggests, is your own SSL certificate. You purchase it for your domain from the CA, thereby eliminating all the issues of a shared SSL certificate. It protects only your site, and it shows your company’s name when someone clicks on the green SSL padlock. You can also use it to set up secure login gateways and payment gateways and your cPanel username also remains completely private and known to you only.
There are some other benefits too when you decide to pay for your own private SSL certificate:
- You can choose yourself between various types of SSL certificates that are available in the market from domain validation (DV), organization validation (OV), and extended validation (EV) certificates. You can also select between single domain, multi-domain, and wildcard options.\
- Manage your certificate yourself, thus being responsible for your configuration and installation on your own. No chance of something messing up on the side of your host with regards to your SSL configuration.
- You can also use it on multiple servers if it is protecting your domain or a subdomain under your domain. You can reissue it or revoke it as per your convenience.
Private SSL certificates are also known as Dedicated SSL certificates among some vendors and webmasters. Do not feel confused between both these terms if you find them being used interchangeably.
Summing up – Which one should you choose?
By now it may be clear to you that the advantages of Private SSL make it the preferred choice for most websites. These days private SSL certificates have also become quite affordable, so buying one should not be difficult for you. However, if you still want to opt for a free shared SSL certificate then you should ensure that your host is a reliable hosting service provider. Because if your host is not reliable, the chances of something going wrong with SSL configuration on its side are higher.
Top WordPress Community Themes