Why SSL alone won’t secure your website

A common myth is that an SSL certificate will completely secure your website. This is not the case. While an SSL certificate will certainly help make your website a more secure place to visit, there is far more you need to do to protect your site beyond enabling HTTPS.

It’s easy to see why such a myth has gained traction. After all, it would be so much easier if a single digital certificate could protect your website and its users from all possible harm. While SSL certificates are certainly powerful and important, there’s so much more you need to do in order to keep your site safe from vulnerabilities. SSL is just one small component of website security.

So, what else is it you need to be doing? This article will tell you just that! We’ve compiled five key things you need to do to keep your website safe — beyond HTTPS and SSL.

But first, let’s talk a little about what SSL certificates actually do and where the confusion stems from.

The purpose of SSL certificates

You may have heard that SSL certificates encrypt data. This is true. However, the encryption applies only while the data is in transit between a client and a server. In plain English, that would typically be a web browser and a website, respectively. Once data has completed its journey, been decrypted, and then stored on a website, the SSL certificate’s job is done. There are other measures you must take to ensure data is safe once it’s stored on your website.

Another common myth is that a website that has an SSL certificate should automatically be considered safe. Unfortunately, this isn’t true either. In fact, the number of spam phishing websites with SSL certificates is on the rise. We cover this topic and how to protect yourself from malicious websites that use SSL in this article.

For now, let’s take a closer look at how you can keep your own website safe and secure.

Five ways to boost your website security

Apart from installing an SSL certificate, here are five other things you should be doing to keep your website as secure as can be. 

1. Ensure your site has effective anti-malware protection

A good hosting provider will take care of a lot of malware precautions behind the scenes and have built-in antivirus and antimalware protection. If you haven’t yet chosen a hosting provider for your site, be sure to research what protections they offer to keep the websites they host secure. Check whether they use the latest server hardware, if their software firewalls are up to date, and how frequently they scan and test security systems. 

You can also check your site for malware and viruses by using a free website security scanner, such as Sucuri or VirusTotal.

2. Make strong passwords mandatory

Security experts have been talking about the dangers of weak passwords for years, but it’s still not something a large chunk of Internet users take seriously. Case in point is the fact that the top five commonly-used passwords across the globe in 2019 were:

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 1234567

These passwords are basically the definition of weak. With their simple patterns and predictable letter and number combinations, even the most novice hacker could crack these easily. Passwords need to be strong and they need to be uncrackable to keep your data and your users’ data safe.

Here are some best practices for creating strong passwords.

  • Make your password long — 10 characters at least
  • Don’t use any personal information
  • Use a complex combination of uppercase, lowercase, numerical, and special characters
  • Don’t share your passwords with anyone
  • Change your password once every quarter

Make sure this is enforced sitewide, for anyone involved with the running of your site.
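
The rules above written as a server-side check, as an added example that is not code from the original article. The function names, the 90-day reading of "once every quarter" and the sample account are assumptions made for illustration.

```python
import re
from datetime import date, timedelta

# The five most-used passwords of 2019 listed in this article; a real
# deployment would load a much larger breached-password list.
COMMON_PASSWORDS = {"123456", "123456789", "qwerty", "password", "1234567"}
MIN_LENGTH = 10                 # "10 characters at least"
MAX_AGE = timedelta(days=90)    # assumption: one quarter taken as 90 days

CHARACTER_CLASSES = {
    "uppercase letter": re.compile(r"[A-Z]"),
    "lowercase letter": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special character": re.compile(r"[^A-Za-z0-9]"),
}


def password_violations(password, personal_info=()):
    """Return the list of the article's rules that `password` breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    for name, pattern in CHARACTER_CLASSES.items():
        if not pattern.search(password):
            problems.append(f"missing {name}")
    # Personal information: split each item into words, ignore fragments
    # shorter than 3 characters, and compare case-insensitively.
    tokens = {t for item in personal_info
              for t in re.split(r"[^a-z0-9]+", item.lower()) if len(t) >= 3}
    for token in sorted(tokens):
        if token in lowered:
            problems.append(f"contains personal information ({token!r})")
    return problems


def rotation_due(last_changed, today):
    """True once the password is older than one quarter."""
    return today - last_changed > MAX_AGE


if __name__ == "__main__":
    # Constructed sample account, not real data.
    info = ("Jane Doe", "jane.doe@example.com", "1984-07-02")
    for candidate in ("qwerty", "JaneDoe#1984x", "c0rrect-Horse-Battery"):
        print(candidate, "->", password_violations(candidate, info) or "ok")
    print("rotation due:", rotation_due(date(2024, 1, 1), date(2024, 4, 1)))
```

Run the check when a password is set or changed, on the server, so it applies to every account that can administer the site.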

3. Update your website regularly

No, we’re not talking about keeping your content fresh, but updating site software and old files. Some website builders will do this automatically, but if you use a CMS, such as WordPress, you will need to regularly run updates for core software and plugins. It’s imperative to run the latest version of any software you use, as older versions often have security flaws and weaknesses that can serve as a point of entry for hackers. Similarly, always do your research before installing plugins and ensure they’re from a reputable source.

4. Back up your website regularly

A website backup is a saved copy of your website and everything on it, from databases to content files. Much like number 1, a good hosting provider should have automatic backups included in their plans. If you update your site with fresh content regularly, you should back up your site every time you do. In this case especially, you may not want to depend solely on your hosting backup, and may want to look into a third-party backup service for added peace of mind. If you back up your website regularly and anything does happen to it, you’ll be able to get it back online relatively quickly.

5. Don’t automatically accept comments

If left unobserved, comments sections can become a breeding ground for spammy bots and fake accounts posting shady links that could compromise the security of your users. To combat this, change your site settings so that you must manually approve any comment before it appears publicly. If you use WordPress, there are a number of plugins you can use to filter out spammy comments (and also enhance general security), such as Akismet or Hide My WP.

Conclusion

As good as SSL certificates are, they’re not a catch-all security measure. We hope you leave this article with a good overview of other measures you can take to enhance your overall website security. Once you’ve taken these measures, you can strengthen your SSL and make sure it’s working like it should by checking out this article.
Haven’t yet taken the plunge by getting an SSL for your site? Check out our handy guide to choosing the best SSL for you.
