Errr…. Close, but not quite!
Seeing the padlock symbol on your website is a very good thing, but it might not mean what you think it means.
The padlock symbol actually indicates that your website pages use secure communications. That means, any data that is sent from your website to your visitors browser (or vice versa) is transferred across the interweb in a secret unreadable code. The data is only unscrambled once it reaches its intended recipient. So anyone who has special software skills to spy on your website, or your visitors’ browser, cannot read the messages. The writing will all be jumbled up and will look like gobbledegook. This scrambling is called encryption.
If your website has the padlock showing, then it means that data is transferred encrypted using HTTPS. Installing an SSL/TLS certificate gives you HTTPS. Otherwise, you would be using just plain, boring HTTP and all your messages would not be scrambled. And this is why some websites will have the broken padlock symbol or warning triangle, along with the scary Not Secure message, meaning any information transferred won’t be scrambled. You don’t want to be sending those secret recipe ingredients for your granny’s famous apple strudel this way.
Having the padlock showing means you are sending data via HTTPS, because you were clever enough to install a SSL/TLS certificate for your website.
It also has other superhero qualities too, like ensuring that anyone communicating with your website is communicating with you, and not a fake website that might be impersonating you. This creates trust for your visitors and is great for your SEO too.
Many common cyber threats are automatically prevented simply by having an SSL/TLS certificate installed. They can help to keep you and your visitors safe.
Unfortunately we find that many websites have SSL/TLS certificates, but are not implemented properly on their websites. So they have their pages accessible using both HTTPS and HTTP. Whoops! This is wrong and poses a risk to your website, your visitors and will affect your SEO ranking. It is like having those stable doors that are split into two parts, where the top and bottom halves can be opened or closed independently of each other. You need both doors closed at the same time!
But cyber threats are vast and an SSL/TLS certificate is not enough by itself to stop the more sneaky and complex threats that are out there. This is why additional measures must also be taken, using methods such as strong passwords, 2-step authentication, firewalls, and closing loopholes that may exist on your website or web server.
So the padlock symbol is just one item on a long security checklist. It is needed and extremely useful, but don’t be fooled into believing that this alone is keeping your website secure.
Stay safe, and has anyone got an apple for that horse?