SSL stands for Secure Sockets Layer. It's an of import protocol for securing and authenticating data on the Internet. Because of movements like Encrypt All The Things and Google's push for more widespread SSL adoption, SSL has been a popular topic in web circles. But despite that fact, many webmasters are still unsure how SSL works and why it'southward of import…or even what SSL stands for in the offset place!

While we already covered what the acronym means, we'll dig a picayune deeper in this entry and tell you what SSL is, as well every bit how information technology works to brand the web a better place for both you and your website'south visitors.

What Does SSL Stand For? How SSL Works

Just to reiterate – SSL stands for Secure Sockets Layer. It's a protocol used to encrypt and authenticate the data sent between an application (like your browser) and a spider web server. This leads to a more secure web for both you and the visitors to your website. SSL is closely tied to another acronym – TLS. TLS, curt for Transport Layer Security, is the successor and more up-to-date version of the original SSL protocol.

Nowadays, SSL and TLS are often referred to as a grouping – e.g. SSL/TLS — or interchangeably. For instance, Let'southward Encrypt (which we'll discuss more in a second) advertises offering "Complimentary SSL/TLS Certificates." But you'll likewise notice plenty of websites just discussing SSL certificates, even when they actually mean TLS.

SSL/TLS certificates
An example of combining SSL and TLS

And then where did SSL outset come up from and how did nosotros become to where we are today with TLS? SSL version ane.0 was adult past Netscape in the early 1990s. But due to security flaws, it was never released to the public. The first public release of SSL was SSL two.0 in February 1995. While information technology was an improvement over the unreleased SSL 1.0, SSL 2.0 also included its own gear up of security flaws, which led to a consummate redesign and the subsequent release of SSL version iii.0 one twelvemonth subsequently.

SSL version 3.0 was the last public release and was eclipsed in 1999 when TLS was introduced equally a replacement. At this point, SSL 3.0 is deprecated and no longer considered secure due to its vulnerability to the POODLE attack. As for TLS, it'southward at present on TLS ane.three, which offers a number of improvements to performance and security. Kinsta supports TLS i.iii on all of our servers and our Kinsta CDN.

Why Aren't We All Using TLS Certificates And so?

You likely are. Though the spider web customs mostly refers to them equally SSL certificates out of convenience, certificates are non actually dependent on the specific protocol in their proper name. Instead, the actual protocol that is used is determined by your server. Which means that even if you think you installed something chosen an SSL certificate, you're likely actually using the more than up-to-engagement and secure TLS protocol.

Until the web customs adopts the TLS terminology, though, you lot'll likely continue to see such certificates virtually often called SSL certificates for simplicity's sake.

How Are HTTPS And SSL Connected?

The people who congenital the Internet love their acronyms – another term that you'll commonly see discussed when talking well-nigh SSL/TLS is HTTPS.HTTP (without the Due south) stands for Hypertext Transfer Protocol.

HTTP and its successor HTTP/ii are both application protocols that underpin how information is transferred around the Cyberspace. They're essentially the foundation for data communication on the Net. When y'all add together back the S, it merely becomes Hypertext Transfer Protocol Secure (or HTTP over TLS or HTTP over SSL).

Essentially, SSL/TLS secures the information that is sent and received over HTTP. This has a number of benefits…

What Are The Benefits of Using SSL/TLS?

Many webmasters operate under the false assumption that SSL/TLS only offers benefits to sites that process sensitive data like credit cards or banking details. And while SSL/TLS certainly is essential to those sites, its benefits are by no ways limited to those areas.

One of the principal benefits of SSL/TLS is encryption. Whenever you or your users enter information at your site, that information passes through multiple touchpoints earlier it reaches its final destination. Without SSL/TLS, this data gets sent as plain text and malicious actors tin can overhear or alter this information. SSL/TLS offers point-to-point protection to ensure that the data is secure during ship. Even a WordPress login folio should be encrypted! If an SSL document is nowadays but isn't valid, your visitors may be faced with the "your connection is not private" error.

Some other key benefit is hallmark. A working SSL/TLS connectedness ensures that data is being sent to and received from the correct server, rather than a malicious "man in the eye." That is, information technology helps to prevent malicious actors from falsely impersonating a site.

The third cadre benefit of SSL/TLS is data integrity. SSL/TLS connections ensure that at that place's no loss or alteration of data during send by including a message authentication lawmaking, or MAC. This ensures that the data that gets sent is received without whatever changes or malicious alterations.

Beyond encryption, authenticity, and integrity, there are also other less technical benefits like:

  • The potential for improved rankings in Google organic search
  • Improved trust with visitors

How Can You Tell If A Website Is Using SSL/HTTPS?

The easiest style to see if a website is using SSL/TLS is to look at your browser. About browsers marker secure connections with a green padlock and/or a message. For example, in Google Chrome, you can expect for a greenish padlock and the Secure bulletin:

How Google Chrome treats HTTPS
How Google Chrome treats HTTPS

While in Firefox, yous'll merely meet a green padlock:

Subscribe Now

How Firefox treats HTTPS
How Firefox treats HTTPS

In Microsoft Edge, you actually don't run into a color, only rather a elementary grey and white padlock.

How Edge treats HTTPS
How Edge treats HTTPS

Is Google Going to Penalize Sites That Don't Apply SSL?

Recently, Google has been rolling out an increasingly severe set of penalties/warnings in Google Chrome for sites that neglect to install SSL certificates. These penalties started in January 2022 with the introduction of a Not secure alert on pages that asked for credit card details or passwords without an SSL certificate:

Chrome Not Secure Warning January 2022
Chrome Not Secure Warning January 2022

That change was the first nudge in Google'due south push to increase SSL and HTTPS usage. Only recently, they've ramped things up even further.

Increased Non Secure Warnings in October 2022

In Oct 2022, Google rolled out even more aggressive notifications. Starting with Chrome 62 (released October 17, 2022), Google added the Not secure warning to:

  • All HTTP pages where users enter any type of data, including something as unproblematic as a search box. The alert will non appear on the initial page load, simply will announced any time a user starts entering data into a field
  • All HTTP pages in Chrome Incognito Mode
Chrome Not Secure Warning October 2022
Chrome Not Secure Warning October 2022

Google Is Only Going To Get More Aggressive

Google's long-term plan is to eventually marker all HTTP pages as Non secure. That means even if yous don't enquire users to make full out whatsoever type of form fields, you'll eventually be caught by the alarm no affair what. For that reason, it's important that you start planning to make the move to SSL/TLS and HTTPS now.

In 2022, Chrome started displaying ERR_SSL_OBSOLETE_VERSION warning notifications when sites employ TLS ane.0 or TLS 1.1 (legacy versions).

How to Install An SSL Document On Your Site

Many hosts brand it easy to install a free SSL/TLS certificate. Hither at Kinsta, all verified domains are automatically protected past our Cloudflare integration, which includes free SSL certificates with wildcard support. Other hosts may use a service chosen Let'due south Encrypt, which offers free SSL/TLS certificates. You tin can view a full list of hosts that support Let's Encrypt here.

If your host doesn't offer free SSL certificates, or if you want a dissimilar blazon of SSL certificate, yous can also purchase your ain certificate from a 3rd-party provider.

You can read this guide for instructions on how to add an SSL certificate to your site at Kinsta. You can do it with a single click!

What to Do After Installing an SSL Document

Yep – there are both technical and non-technical actions you need to perform afterwards installing an SSL document. Outset, on a technical level, information technology's of import that you redirect all HTTP traffic to HTTPS. Y'all should also ensure that y'all aren't loading any assets via HTTP. Usually, this will be your own images or external content you pull in, similar scripts or external ad services. This helps you lot avoid the Mixed Content Warning.

Beyond those 2 technical details, you'll also likely want to perform the following tasks, depending on the tools that yous use:

  • Add together the HTTPS version of your site in Google Webmaster tools.
  • Make sure tracking scripts like Google Analytics or others are ready upwards to work with HTTPS.
  • Make certain y'all are not getting any SSL connection-related fault messages.

All in all, SSL/TLS is an important protocol for creating a safe, secure web. And at present that you know how SSL works, if y'all oasis't fabricated the switch already, we encourage you to consider installing an SSL/TLS certificate and moving your site to HTTPS.

We have a very detailed HTTP to HTTPS migration guide make sure you read it and follow the steps!


Relieve time, costs and maximize site performance with:

  • Instant help from WordPress hosting experts, 24/7.
  • Cloudflare Enterprise integration.
  • Global audience reach with 29 data centers worldwide.
  • Optimization with our built-in Application Performance Monitoring.

All of that and much more, in 1 plan with no long-term contracts, assisted migrations, and a 30-day-money-back-guarantee. Check out our plans or talk to sales to find the programme that's right for you.