CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone® by

Using SSL

Given that the Internet is nothing more than a group of networks tied together, you should have no reasonable expectation of privacy when traversing the World Wide Web. Rather, you should expect that somewhere along the way, prying eyes are looking at your data.

Secure Sockets Layer (SSL) is essential in an e-commerce society. Without it, you could not conduct Internet financial transactions. In fact, current law requires SSL for online financial transactions. This provides a solid layer of protection for the transmission of the files. However, this does not guarantee that the files are safe after they are on the server.

SSL lives in terms of the technology above the wire (your network connection) and below the application (think shopping cart). This gives it the capability to be the gatekeeper of the data that is being sent. In a perfect world, the application will entrust the data to the SSL envelope. This will be taken directly to the recipient, who is the only one who can unlock it.

If you conduct any type of financial transactions (such as acceptance of credit cards) on your CMS, you must install SSL on your website. In fact, if you collect any type of information that could be gathered by eavesdropping on the network connection and used against someone, then you need to consider SSL.

In this section, you'll learn how SSL works, and see some use cases. How to purchase and install your certificate (from a high level) rounds out this topic discussion.