An SSL certificate (Secure Sockets Layer) is a security system that allows the transfer of encrypted data between the web server and the user’s browser. Millions of web pages use this type of security system to keep the conversation between the web server and the browser private, protecting the transmitted information from hackers.
HTTP is the protocol used on the Internet to navigate web pages. However, it is a rather old protocol that was not created with WordPress security in mind.
Where can you find SSL?
When we browse a web page, we can perform different actions, and in many of them we send data that travels across the Internet to the server.
Imagine that you connect to a Wi-Fi network in a coffee shop. This Wi-Fi network is open, and everyone can access it. Even if it is not open, other people know the Wi-Fi password and browse on the same network as you.
Then you open your WordPress site, go to the administration area ( /wp-admin ) to publish an entry on your blog, enter the username and password, and click on “Access”.
If you do not have an SSL certificate installed on the server and you have not accessed the site via HTTPS, all of that information travels across the Wi-Fi network and the rest of the Internet until it reaches your server, WITHOUT ENCRYPTION.
This means that any user of your Wi-Fi network with average computer knowledge and a very simple program installed on their laptop will be able to read the username and password for your blog's administration area without any impediment.
Obviously, this is a risk, and it is always recommended to have a Let's Encrypt security certificate installed on your website.
Once you have the SSL certificate installed, you will be able to access your website using HTTPS instead of HTTP.
When you browse with HTTPS, all the information is sent to the server in encrypted form, so the user in the coffee shop who is trying to steal your access credentials will only see a series of meaningless characters.
Also, if the server is properly configured, the encryption is mathematically impossible to crack in a reasonable amount of time with today’s technology, so rest easy for now.
How does FTP SSL work?
The same principle is used to encrypt FTP connections and email connections; however, WPDoctor only checks whether you have an SSL certificate installed on the blog.
An SSL certificate works with two randomly generated keys, of two types:
- private keys
- public keys
The public key is given by the server and can be known by anyone, while the private key is unique to each user and is only known by the user himself.
The SSL certificate works as follows:
- User Browser: Requests a secure connection to the server.
- Web server: Responds with its own public key.
- User Browser: Sends your private key.
- Web Server: Establishes a secure connection based on the two keys.
In the initial connection, the private and public keys are used to create a session key that allows the secure connection between the browser and the hosting server, encrypting and decrypting the information communicated.
This session key is temporary: it does not stay the same over time and is valid only for the session created at that specific moment.