Glossary
SSL/TLS
The encryption behind HTTPS and the browser padlock
What is SSL/TLS?
SSL (Secure Sockets Layer) and its modern successor TLS (Transport Layer Security) are cryptographic protocols that encrypt the connection between a web browser and a server. When a site uses SSL/TLS, its address starts with https:// and the browser shows a padlock - meaning data in transit cannot be read or tampered with by third parties.
Strictly speaking, SSL is obsolete; every secure site today uses TLS (currently versions 1.2 and 1.3). The name "SSL" stuck, which is why certificates are still called SSL certificates. A certificate, issued by a trusted certificate authority, also proves the server really belongs to the domain you typed.
Why SSL/TLS Matters
- Privacy - Passwords, card numbers, and personal data are encrypted in transit
- Integrity - Content cannot be modified between the server and the visitor
- Trust - Browsers flag plain HTTP sites as "Not secure," scaring visitors away
- SEO - HTTPS is a confirmed Google ranking signal
- Compliance - PCI DSS requires TLS for any site handling card payments
- Email too - TLS also encrypts mail in transit between servers
SSL/TLS in Practice
- Free certificates - Let's Encrypt issues free, auto-renewing certificates used by millions of sites
- E-commerce - A valid certificate is non-negotiable for WooCommerce checkout pages
- Renewal monitoring - An expired certificate takes a site offline for most visitors; automation prevents this
- CCMS managed hosting - Certificate installation, auto-renewal, and HTTPS redirects are handled as standard on every CCMS-hosted WooCommerce, Moodle, and PHP site