Episode 209

Mar 15, 2019

Is your website secure? Maybe you need an SSL certificate. Let’s talk about why.

Listen to "E209: What is an SSL Certificate and Why Do I Need One?" on Spreaker.
Image for E209: What is an SSL Certificate and Why Do I Need One?


Is your website secure? Maybe you need an SSL certificate. Let’s talk about why.

Sponsored by: Acuity and The Jojoba Company.


Sponsor message This episode is sponsored by Acuity, our 2018 software of choice. Acuity scheduling is your online assistant working 24/7 to fill your schedule. No more phone tag. Clients can quickly view your real-time availability and self-book their own appointments and even pay online and reschedule with a click. Handle all of your forms before the appointment so you can get right to doing the massage you do best. Look and act professional by offering convenient scheduling to your clients that matches your brand and your voice. Customer support is a delight, and Acuity’s style will help you relax and have fun running your business again. Check out the special 45-day free offer at massagebusinessblueprint.com/acuity.

Allissa Haines Hello, everyone. Welcome to the Massage Business Blueprint podcast, where we discuss the business side of massage therapy. I am Allissa Haines.

Michael Reynolds And I am Michael Reynolds. I love the way you say business. It’s always so bold. I feel like you’re standing on a mountaintop shaking your fist at the man.

AH (Laughter) You know, that’s kind of how I feel right now.

MR I can tell. I can feel you shaking your fist at the man. (Laughter)

AH (Laughter) So how are you this week, Michael?

MR I am doing well. I had a sick kiddo earlier in the week, but he’s feeling much better. The whole family is healthy for once. We’re coming out of this whole winter flu season funk, I think. I’m feeling good. How about you?

AH Nice. I’m good. I think we talked about it a little bit last week, but I’m going to talk about it again now because I had another victory that was part of my tax preparation meeting, which was that my CPA was like, what’s this Massage Business Blueprint thing you’re doing?

MR (Laughter)

AH And I got to tell him all about it, and it was super fun. He was like, wow, that’s cool. And he actually just joined a thing like that for CPAs. There’s a bunch of CPAs who are good are marketing and stuff and they created a company for CPAs that’s, like, kind of what we’re doing for massage therapists —

MR Love it.

AH — so he totally — like, he know — like, I’d talked to him in the last couple of years about what the Blueprint was, but he didn’t really get it. And then today, he was like wait, what? And he got it. He was like, that’s amazing. And I showed him our podcast and — I just clearly love my CPA; he’s just a delight. He is a compassionate and humble — and never made me feel bad about some bad decisions I made a long time ago, so I love him for it. So that was really exciting. So I am feeling a little like, “ahh, we’re kind of the word” today.

MR (Laughter) That’s pretty cool. It’s rare that someone actually understands our business. If people ask what I do and I’m like, oh, I’ve got a few different businesses. When I get to Massage Business Blueprint, I’m like, it’s a training/consulting business for massage therapists and they’re like, what? So if you’re not a massage therapist, you have no idea what it is we’re doing, so that’s really funny.

AH Yeah, it’s an online learning community.

MR Yeah, online — but people don’t know what that means, you know.

AH No, they have no idea.

MR So anyway, so I’m glad our community understands what that means. So, thank you, community, for listening and understanding us. (Laughter)

AH Thank you for utilizing this — thank you for learning how to listen to a podcast because that puts you way ahead of a lot of people, I’m learning.

MR There you go; there you go.

AH So on that note, actually, if you have a friend, a massage therapist, who you think could benefit from our podcast but they don’t know how to listen to podcasts, you should show them how. You should help them on their device. Find either — find us on iTunes if it’s an Apple device or in Google Play or Stitcher if they’ve got a non-Apple device. We’re everywhere. Or you can even just lead them right to our website and click on the little podcast tab, and you could show a friend how to listen to our podcast. And then you guys can hang out every month or two and talk about all of the things you’ve learned. And then look at that; you’ve got some peer mentoring going on. Good job, folks.

MR Yeah, steal a friend’s phone and subscribe them to our podcast.

AH (Laughter)

MR That’s your mission.

AH So I am especially excited about today’s episode because Michael is in charge of it, and I love when Michael geeks out.

MR (Laughter) I think you’re the only one. We’ll see.

AH So without further ado, I am going to hand it over to Michael to talk about SSL.

MR Lovely. I can tell our listeners are already on the edge of their seats because we’re talking about SSL. This came up, actually, in an office hours that I had to miss earlier in the week. Allissa informed me that there were a bunch of questions about SSL in the office hours, and I’m kind of sad panda because I was not there to actually answer the questions. So she’s like, hey, you should do a podcast episode. We’ll try to answer the questions. At the end, I’ll make sure that I catch anything that maybe I’ve missed based on the questions you heard, Allissa.

So we’ll talk about what it is briefly, halftime, and then kind of what to do. So SSL stands for secure socket layers, and SSL is simply a way to encrypt information going across the internet. That’s basically all it is. So if you go to your banking website, like your online banking or any kind of secure site, you’re going to notice SSL being used because it’s going to look a little different when you look at some of the details of the web address.

So SSL is, again, a way in encrypting data. So what it does is it’s — usually when you email or send information back and forth across the internet, it’s in plain text, which means that it’s basically the actual information you see is what’s going across the internet, literally across the wires that make up the internet and the airwaves and so forth. So what that means is it is possible for people to put little, you know, applications, little chunks of code, little programs on different points around the internet that can listen for information going by. And they can actually kind of — it’s called sniffing — or they can intercept it going by and they can read it. And if it’s in plain text, then they can read what you are sending, which means they can read your emails, they can read any kind of information you’re sending in email, attachments, et cetera. And so that’s why I always tell people to never send sensitive information in regular old email or even to put it into a form on a website if it’s not encrypted.

So that is kind of the backstory on why it’s important to encrypt stuff. So SSL is a way of encrypting things. So that’s why when you go to your online banking website, you can put in information and you can get information from your bank and you can feel safe because it is being encrypted. So when your bank is sending you information and you’re sending them information across the internet, it is kind of turned into code, basically, and then sent across the internet wires and airwaves, et cetera, and if someone’s intercepting it, all they’re going to see is a bunch of garbage, basically, a bunch of encrypted code. And it would, in theory, take them a really, really long time to decrypt it. So that is kind of the backstory on SSL.

There are other reasons to want SSL on your website and that is because Goggle has recommended it for all websites because Google has taken a stance that the entire internet should be encrypted for safety. I agree with the stance. Pretty much everyone agrees with the stance, and so they are encouraging all websites to activate SSL on their website.

So how do you know if your website had SSL on it? Well, load up your website — go to your computer or your phone or whatever, go to your website, and look at the address at the top, and there’s a couple things you can look for. So one thing you can look for is the letters in front of the address. So your web address is probably www.something.com. So look in front of that and you’ll see some http and slashes and stuff. If it says http colon double slash, it is not under SSL. If it says https, with an s at the end, colon double slash, then it is under SSL and you are encrypted. You can also — some browsers will actually light up a little green lock or you’ll see a little closed lock symbol. If you see an open lock symbol, it’s unencrypted. If you see a closed lock symbol, it’s encrypted. So what that means is whenever someone goes to your website, if they’re filling out an online intake form, if they’re filling out a contact form, if they’re booking online, whatever they’re doing, the information they are giving to you and putting into your website is being encrypted, which is a very good thing. So even if it’s something simple like name and email address, you know, I would want that encrypted. I don’t want people sniffing that information. It’s not necessary banking information, but it’s still sensitive information, it’s private. So this is why Google recommends that everyone use SSL on their website.

It also is becoming a factor in how well you’re being found on search engines. So Google has said that SSL is and will increasingly become a more important ranking factor in how well your website is getting found in Google searches. So all other things being equal, if you have another massage therapist in your town that has a website similar to yours, you’re both doing similar things, both are pretty well designed, if his or her website is under SSL and yours is not, they would probably have a little bit of a search advantage, it might come up higher in search because of that extra factor that Google kind of rewards them for.

So in a nutshell, the security of SSL is important from just protecting private data especially since we’re in the health and wellness business. Protecting information from our clients and patients is important. And two, it’s a ranking factor that helps us get found more on search.

So we’ll talk a little bit about what to do about it and how to get SSL in a moment, but before we do that, Allissa, who is our halftime sponsor?

AH It’s jojoba!

MR (Laughter)

AH I’m so excited — I’m thrilled, I’m utterly thrilled The Jojoba Company has sponsored us so lovingly for so long. And because I really, really believe in the product.

Sponsor message I really believe that massage therapists should only be using the highest quality products. Jojoba is nonallergenic; I can use it on any client and every client and not have to stress about how they react to it because it’s non-allergenic. It doesn’t go rancid so it can get hot and cold and it won’t get gross. It won’t get icky and old, it won’t make your sheets smell weird, and it is a really good carrier for essential oils, too. And I love The Jojoba Company is the only company in the world that carries 100% pure, first-pressed quality jojoba. That first press doesn’t make as much jojoba, but it makes a higher-quality jojoba. So you, I’m also delighted, can get 10% off orders of $35 or more when you shop through our link at massagebusinessblueprint.com/jojoba, that’s J-O-J-O-B-A.

AH And I’m going to jump in here and day it was really exciting to talk to my CPA about Blueprint this morning because he asked me — we were talking about sponsors. I was like, oh, we have a podcast; it has sponsors. And he says, do you just take anybody or are you really picky about your sponsor? And I was like, oh, heck yeah, we’re picky about our sponsors. And I told him how, like, we only let people sponsor our podcast if it’s a product that we truly believe in.

MR Yeah, we’ve turned away more sponsors than we’ve accepted.

AH We have turned away so many sponsors because we really want everyone to understand that if we say we like something, there’s a lot of trust behind that and that means a lot. And that is part of why jojoba, being such a long-term sponsor, is so important to me because we really — if you’re not following their Instagram and their Facebook, you really should. They do some amazing community stuff. They just took out a new intern. They’re just — they’re great. They do just a day of service as part of their holiday thing. Instead of going out for holiday lunch, they do like half a day of service in their community. Just the stuff they do and the things that use jojoba are amazing. I use that beeswax wrap that’s like in place — to replace plastic wrap in your kitchen. I’ve had it for a while and I’ve gotten some new ones because it wears out after about a year, but they use Jojoba Company jojoba. And there’s — oh, there’s something else I was just like, what? I use that product; that has your jojoba in it? It was great. So totally follow their Instagram.

Anyhow, we love jojoba and I’m delighted that they’re our sponsor. So thank you and y’all can get yourself 10% off a purchase of $35 or more when you shop through our link massagebusinessblueprint.com/jojoba.

Now, we’re going to launch back into SSL because Michael has more stuff to tell us.

MR I do have a few more things. So one other side note going back to the why, I forgot to mention that many web browsers like Chrome now are actually giving people pop-up warnings if you fill out a form and submit it and the site is not SSL encrypted. So like if you go to someone’s website and it’s not under SSL and you fill out a form on their site, it’ll pop up and give you a warning saying, hey, your form is not encrypted, and that could freak people out. So another reason to do SSL.

Anyway, so what do you do? The good new is SSL is generally free; it does not cost anything. It used to cost money. Getting an SSL certificate used to be hundreds of dollars and it was back in the day. I think when I started building websites back in the 90s — that kind of dates me — it was like $300 to get an SSL. I mean, you could spend even more than that to get SSL because it was kind of new and not many people were offering certificates. Now, it is commonplace, it is becoming the standard, and there are free SSL providers. Let’s Encrypt is one provider that is kind of the leading open source SSL provider that everyone’s using now. It’s basically an opensource project, which means that it’s kind of free for everybody. It’s kind of a community, open application, and anybody can get SSL certificates.

So how do you get one on your website? Let’s say you have listed to this podcast, you have opened up your website, you have been horrified that your website is not under SSL, and you want to take action today. What do you do? Easy enough. I’m going to go ahead and assume that your website is built on one of the kind of standard or most popular platforms that we see from our community. Examples are WordPress, Wix, Weebly, Squarespace. These are all examples of platforms that we have reviewed on our blog before, that we see a lot of our members using. So we’re going to kind of assume that. All of these providers are using Let’s Encrypt for the most part to provide SSL, and they’re free.

What you want to do — and actually I’m going to pull up the list here again. I’m just going to kind of run through a few of these. So WordPress is on the list. Again, there’s Weebly, Wix, Squarespace, HostGator, a lot of the major hosting providers are up there. WordPress.com, which is where a lot of our members host their WordPress sites is on there. I think I saw DreamHost is on there, Bluehost — yeah, they’re all there.

So what you do — the easiest way — yeah, you can contact support. But the easiest way I found is just to go straight to Google and for example, I typed in Weebly SSL. So Weebly space SSL. And it led me straight to their knowledge base article on how to activate SSL. And it walks you in to logging into your Weebly control panel and turning on SSL. It’s a few clicks, literally. I’m doing the same thing here for Wix. I’m going to type in Wix SSL. So let’s say your website’s on Wix. The top search results — the top two results are knowledge base articles on how to activate SSL on your website. I would venture that the same thing is going to be true for Squarespace.

WordPress is a little trickier because WordPress is a much more open, customizable platform, which means that there are lots of different ways it could be set up. You could have a web developer that really customized things. It could be more cookie cutter and standard. You know, are you self-hosting or self-installing WordPress? Is it on wordpress.com? It’s a whole different thing. So your best bet is to talk to whoever built your website and ask them what their recommendation is for getting SSL installed, and they’d probably be the first route to go there. But if you’re on Wix, Weebly or Squarespace or one of those cloud platforms, just do what I did. Google the name of the platform and then SSL and you’ll find the help site. And for the most part, it’s going to be logging in to your control panel, following the instructions, clicking a few buttons, and boom, you’ve got SSL. So that’s pretty much it.

So since it is that easy, we’ve got a couple minutes and I want to ask you, Allissa, since you were in the office hours I missed on SSL, what questions came up that we haven’t discussed today?

AH I think you covered it. And I think it came up because we were talking about search engine optimization, and at one point I looked up somebody’s website and I was like oh, it’s giving me that little thing that says it’s not secure, and they were like, ugh, how do I do that? And I just reverted to the thread we had in our premium group where you gave some information about that. (Laughter). But there was like a whole how do I do it and roughly how much should it cost me, I think, because some people I think could get trapped into using, like, a third party and paying a lot more than they need to.

MR Yeah.

AH And that was kind of a question. I know with my Weebly, I have — one of the websites I run off of Weebly and it’s just included in my, like, regular business Weebly, which is, I don’t know, 80 bucks a year or something. But I know it was something you have to purchase as an add on in many situations. So I think a rough idea of like, should this cost me $100 or should this cost me $50 or what’s my ballpark, you know?

MR Yeah, it really should be free. There are probably still some providers out there that your website might be hosted on that might charge you 20 bucks, maybe up to 30 or 40 bucks. If you’re okay paying that and you like where you’re hosted, that’s fine. I mean, don’t pay more than like 20 or 30 bucks, I would say. It’s just — it should be free. If you’re on the fence about maybe switching to a more mainstream hosting provider, then that might be a good reason to switch. But definitely don’t pay 100 bucks. It really should be free because it’s available for free for everybody. So there you go. Go get you some SSL.

AH Rock on. Thanks, Michael. Thanks for the primer. We appreciate that deeply.

If you have questions that you want Michael to answer or you want me to answer, then you can send them to us at podcast@massagebusinessblueprint.com. If you like our podcast, you can certainly leave us a review at iTunes or Stitcher or Google Play or wherever you listen to podcasts. If you don’t like our podcast, you should definitely send some information on what you don’t like about it to michael@massagebusinessblueprint.com.

MR (Laughter)

AH And if you have pictures of your cats, you can send them to both of us at podcast@massagebusinessblueprint.com. See folks, this is what happens when I take the hosting duty of the podcast instead of Michael.

MR We love cat photos.

AH We do. Thank you, everybody, for listening. I hope this has been helpful for you. And Michael, do I have anything else I’m supposed to say?

MR I don’t think so.

AH All right.

MR Yeah. I think we’re good.

AH Okay, we’ll wrap it up, then. Everybody, thank you so much for listening and have a wonderfully productive useful business-y day.

MR Thanks, everyone.