An SSL certificate does NOT mean you have a secure website

Is that news to you? If it is you really MUST read this.

I’ll keep it short and sweet and keep technical jargon to an absolute minimum.

You need an SSL certificate but it really does not mean your website is secure. Let me explain…


SSL certificate TLS secure connection

Cryptographic protocols: Secure Sockets Layer (SSL) certificate, and it’s successor Transport Layer Security (TLS) allow secure communications over the internet. You can see in the address bar of this site, the green SECURE and lock which tells you that you are where you are supposed to be and that no one can snoop or tamper with your communications on this site.

SSL/TLS certificates ensure a secure connection. That’s it.

They do not ‘secure’ your website.

SSL/TLS certificates are issued by a Certificate Authority (CA) and are stringently verified against the ownership of the website to which they are issued. When you connect to a site with a certificate the browser goes through a series of checks to make sure that all is present and correct. Assuming that it is then you are granted a connection.

The only way to know for sure, is to check, yourself.

You may still be leaking user IDs, directory listings and all your plugin and theme information, which all expose potential vulnerabilities. You can visit and found out now.

I have also put together a useful guide to interpreting your test results, you can find it here.