 Hi everyone, I'm Nancy a Spencer very kindly introduced me as I hope I'm not pretentious But I wanted to talk to you guys about let's encrypt and so first things first a very quick bio is I'm from Atlanta. I live in Atlanta for the I've lived there for about seven years now I have two dogs karma and Kazi They're cute and adorable and they know how to use their faces really well to get what they want I I do a little bit of filmmaking on the side And I really like traveling And I work for automatic. I'm a happiness engineer at automatic I work with jetpack and other dot org premium services. So a kismet ballpress things like that I'm also going to be at the jetpack sponsor table. So if you do ever have any questions and you don't want to ask in a big room Feel free to find me over there. I'll be there from basically the rest of the day so yeah, all right, so We are here to talk about or listen to me talk about HTTPS and SSL certificates But the first thing to go over is what the heck is HTTPS HTTPS in the first place So HTTPS is Oh one second. I'm sorry. I was having a computer issue. Sorry HTTPS is actually hypertext. It's HTTP plus a layer of security So it keeps your passwords your communication your credit card information all these sorts of personal information Private and secure when it's in transit from your computer to wherever you're sending it It's it's still speaking in HTTP, but everything's encrypted So the idea of HTTPS like how does it actually work? It's not terribly complicated, but it does use a lot of technical jargon So that slide is more for just to read it and know all of the words But to explain it a bit a bit better a bit more succinctly is to say that say you're you're on your computer And you're wanting to buy the the latest twilight DVD because you're totally into twilight And you say all right, so I need to give you my credit card information So basically you say hey, I'm I want to talk to you. Hi server Can you make can you let me know and confirm for me that you are the server that I want to send my credit card? information to and you know not that some not somebody that's going to steal all of my money The server says hey, yeah, of course. Let me know what you need to know And I will send all that information to you And so basically you talk you decide how you're going to encrypt the data to send to each other and confirm that you are who You say you are and they are who they say they are And then once that encryption key is decided upon then you're going to start sending the information back and forth So what is the actual point of HTTPS? HTTP it it's what the internet is built on but you have four things like private information You do want to verify that you're talking to who you really actually want to be talking to and you want to make sure that things like man in the middle attacks which are Basically you think that you're talking to somebody you think you're talking to your bank And you see the the the web page and says Bank of America and you see the the little green padlock And you're like all right great Bank of America padlock. I'm talking to Bank of America, but that's not necessarily Not necessarily the case right so you you need to confirm that it is actually Bank of America that you're talking to So this is actually from a wiki article on the Diffie-Hellman key exchange Which is what the SSL certificate and the encryption that an SSL certificate provides is based upon And that's about as simple as an explanation at least visually that you can get There's a lot of really great explanations of what Diffie-Hellman is and it involves a lot of math If you're not actually into the math side of things I don't recommend looking at that but this this and this paint analogy actually explains it really well So you have this common paint right your common information that you want to share and each side has a secret Secret color paint and you are going to combine your secret with the common information and create so you combine yellow and orange And you make or yellow and red you make orange And then you switch the information right? So you send your information to the other server and the server other server sends information to you and using your secret Paint that you have you can decrypt the information and so both sides have the information that they need so One thing to keep in mind is that HTTPS this SSL certificate all of it is The margin of fur error is quite slim and HTTPS is not unbreakable The SSL protocol is constantly involving to to keep up with hackers to keep up with people that are actually that tend to have malicious intentions to break this security protocol so Even though it's Even though it is quite secure. It is it is a great thing. You should be doing for your site It's not the only thing you should be doing just because you have HTTPS Doesn't mean that you are now protected from all hacking of your site. Your site can still get hacked and Rob Heaton He's a British fellow that is quite entertaining. You should read his site if you are interested in learning more about security It his quote You know puts it most succinctly that even though you do have an SSL certificate That doesn't necessarily mean that you aren't going to still get hacked You will if you're not careful elsewhere You have there's lots of different avenues and holds that that people can get into into your site So not to not to scare anyone, but just don't think that this is the end. I'll be all So the significance of SSL Currently the that the sites that you see that have SSL certificates It's not like everyone is using SSL certificates So when you see a site that's using an SSL certificate you see the little green padlock you think okay All right, so this this site is dealing with Important information or private information right so that it's saying it's basic It's it's essentially signifying that this private information is Quote-unquote important Because not everyone is using it if everyone was using it then it just becomes a common thing, right? So if somebody is using it then you're signifying that at least allegedly signifying that it's important this idea is is really important because You have things like political dissidents or you have governments that are watching your Watching your communication if they see that you are are communicating via an encrypted layer Then they may think that you are well guilty of doing something right? It's the the whole innocent until guilty argument So I am promoting SSL certificates as and everybody should do it It's it's similar to the idea of herd immunity So you take a vaccine to be protected from diseases, right? You're gonna say all right I am now hopefully not gonna get polio, right? And but you're not necessarily just taking it for yourself You're also taking it for those around you that can't take that vaccine So if you say that hey, I'm taking this vaccine. I don't want polio You're also protecting babies and the elderly from because you're no longer going to be a host for polio either, right? Still with me. I see lots of blank faces and so I want to make sure this is still entertaining. Yeah Okay, cool. Thank you And so basically that the significance of SSL is that right now because it's not nearly so commonly used It signifies something more than Than it really should because just because you're using an SSL certificate does not in any way imply that you're doing something wrong By no stretch of the imagination, but it could be used to imply that Which brings us to a fairly famous SSL? Issue Edward Snowden was using lava bit To to encrypt all of his information to send it back and forth And when the FBI wanted to decrypt his information, they couldn't because it was all encrypted And so they requested that lava bit Release their private key to in decrypt all of this information and lava bit said yeah, no, thanks And a US judge said well actually yeah, you kind of have to and so lava bit ended up having to give their Private key to the FBI so they could decrypt all of this this information and in doing so they lost their their Their security status right because now they're compromised They've given out their private key to someone even though technically it is the government and hopefully it's still secure It's not actually and that private key is no longer private So all of that to say There's these there's these lists SSL certificates They're they are given by certificate authorities and these certificate authorities are are very highly ranked Like they are the the end all be all who has that say that you are secure Right, and it's very hard to become one of these top-level certificate authorities But once you once you lose that privacy once you are Once you've you know become compromised in this way you do lose that that right to say Hey, I'm an SSL certificate that you can trust and once that happens you're going to be put onto a certificate revocation list a CRL and browsers and operating systems as long as they keep those lists updated We'll know what certificates have been revoked So whenever you get those those snazzy little warnings when you try to go to a site and it says hey red flag Don't go to the site. It may be insecure. It's not necessarily saying that yes It's definitely 100% been hacked, but that you can't trust the SSL certificate that's being used all of this all of these these these things especially in terms of like Snowden and as encryption becomes a bigger and bigger topic of interest Brings up things like privacy as a right. Do you as a human being using the internet? Have a right to privacy to what you're doing Whatever you're communicating Things that you're sending things you're looking at do you have a right to that to privacy for looking at whatever you're looking at Within the information you're consuming within the information you're sending etc Etc. There was once things like this started becoming more and more popular There is actually a plug-in on Chrome as an extension and it it would insert words into your into what you were looking at It would say things like pressure cooker or bomb or bomb making or different like chemicals that are used for bombs to To basically add additional noise to what you are looking at to try and you know Like so the NSA is actually taking in all of the information that you are that you are looking at right? They are storing it in very very large data centers and to try and add additional noise to that particular collection of data It also brings up this idea of freedom of software which WordPress as a community is quite quite fond of and is quite a proponent of freedom of software, but Is free is software free to be created and to be used as it's intended by the creator, right? And finally freedom of privacy Are you actually free to be private? Is that like a fundamental right to be free to? To be to do whatever you want and make sure that it is private And so it brings us all of this comes together to create this freedom to use private or to use software privately Laurence Lessig wrote an article that said that Once something knows that it's being watched it inherently changes the way you it behaves So it's often used in media for example like in documentary filmmaking It is nonfiction, but at the same time you are putting a camera in someone's face or you know watching someone recording something And so just the inherent Introduction of a camera changes your behavior even if you're told hey, don't worry about it Just be natural be candid same as like here There's photographers everywhere and they really do like candid shots I as a photographer love candid shots, but I try really hard not to make myself You know Noticeable right even though I have a big camera in a big lens or whatever I I want people to not notice what I'm doing because then you you automatically change you stand up straighter You fix your hair you fix your clothes whatever you want to present you the the best version of yourself, right? so this idea of freedom Privacy and freedom Basically it says that if you know that you're all of your communication is being tracked Do you change the way you interact with that that information you change the way you act on the internet all of these sorts of things? so all of that to say the the next thing is um So I've often heard especially in terms of like SSL certificates or things that are quote-unquote more complicated That well, I just run a blog. I you know, I'm not I'm not anything I'm just I'm just talking about my cats on the internet. That's that's all I'm doing Why do I need to do like more complicated things? Well, hopefully by the end of this talk, you won't think SSL certificates are terribly complicated and hopefully it's not so scary of a thing but It's not just the fact that you run a Blog about your cats. It's the fact that you know Do you get does anyone build sites? Anyone know yeah, okay, so most of the room just raised their hand So you you're building sites for others, right? So hopefully you are actually you're using you know For example making sure that you're not reusing passwords anywhere, right? You're hopefully using best practices for security for your sites as well as your client sites But you can't confirm like you can't definitely know that your clients are following those same best practices, right? That they're not using the same passwords everywhere You can't confirm that your users that are coming to your sites or to your client sites when they're submitting You know their username and password to log in or to pay for something that they're not reusing their passwords elsewhere so You do I mean you have a responsibility as a professional as a as a site builder as a site runner as a site owner That to provide at least that that level of security to your users to the people that are coming to visit your site that they do at least I Mean deserve that level of security and respect Essentially saying that you know SSL certificates have Haven't always been the easiest thing to implement Before let's encrypt it was a lot harder to to set up SSL certificates personally for your site You might have like a hosting platform that would help you But if you're just on your own it you might actually feel really overwhelmed by all the steps you had to take But now with things like SSL with that with let's encrypt or things like you a lot of hosting platforms will help you set up an SSL Certificate, I'm on WP engine for example and literally there's a button I click a button and I like validate that I own my domain and that's it It takes like 15 minutes and I'm done I so there's there are lots of options and in this day and age if you're not using let's encrypt or an SSL certificate Especially when there's there's information being transmitted That's not the greatest idea So how does SSL work in the first place? I've talked about all the theoretical things and so when the technical nitty-gritty stuff So the the SSL is based on a two key encryption system So you have a private key and a public key your private key stays private Hopefully and your public key you're exchanging back and forth to encrypt and decrypt this information You're using a symmetric algorithm and you're using asymmetric encryption I'm trying not to get too technical and delve into too many details because I don't want to like It's not necessarily important exactly how to know exactly how it works There's a lot of math that goes into it and if you're interested I highly recommend that you you Google this stuff because it is really interesting But I also understand that I'm a geek and I don't want to like spread that So so use this and this encryption key and what you do you have a public key you encrypt all of the data But you can you can only Decrypt using the private key right so if the idea was that oh well I can just use this public key and I encrypt stuff whoo yay I mean SSL certificates wouldn't be worth much But if you have when once you have that private key the two sides view and the server that you're communicating with You have your private keys and you can decrypt the information. That's why it's so important to keep your private key private and Anyone can so anyone can and can encrypt this information But only the two sides can decrypt it the opposite is true for digital signatures digital signatures are Given by the certificate authorities that say that hey you are who you say you are we've confirmed it and so we are going to encrypt this key and Anyone can decrypt it using the public key that they're provided on the SSL certificate and then But only the certificate authority can actually encrypt the key in the first place to decrypt let me know if you guys are still with me and Finally self-signing so just keep in mind that as I mentioned earlier all certificate authorities the main The you know that the top of the chain of security of a certificate authorities are all self-signed So they are saying that they are who they say they are which technically could be dangerous But they're the head who ha people and so they're going they're actually quite secure and quite Careful of retaining their security so things like lava bit once lava bit use it loses its SSL go daddy said hey Yeah, you're not cool enough anymore. Sorry We're good luck and revoked all of its its private security clearance basically So I've said certificate authority. I think like 50 times so far And so what exactly is a security or a certificate authority? It's essentially so browsers when you're visiting when you're visiting a site It'll when you're visiting a site with SSL certificate There's two ways that you would you would trust a site You'd either implicitly trust it because you have either you or a browser has said hey I trust the site and you the site is clear. It's free and clear and browsers and operating systems and everyone has said that you're that you are good to go Or you can say that It's so for example, you could if SSL certificates were super simple to to verify you could just say hey I'm Microsoft and you should like give me all of your information because obviously I'm Microsoft because I said so And it doesn't really work that way if it was actually that simple Everyone would just be saying yeah, I'm Google and Microsoft and Apple and give me all of your money and credit card information I'll give you an iTunes certificate And it doesn't actually work that way So that's what a certificate authority is it's there to be that that stopgap to say hey This person is actually who they say they are and you can really truly trust them It's essentially a notary for the web. So it is it is double triple quadruple confirming that you're you're good to go And so that brings us to what let's encrypt actually is so let's encrypt is a free certificate a free SSL certificate that that you can use that's Fairly simple to set up. I mean it does take 10 or 15 minutes But it doesn't take you know it doesn't take an enormous amount of of coding prowess You don't have to be a developer You don't you you can actually do it quite simply and if you do ever get stuck the community for let's encrypt is pretty spectacular It's similar to WordPress or you know if you go to like stack exchange or get hub And you just need help people are more than willing to help you out and Another thing is that because it's free anyone can use it There isn't this like this monetary gap to to say hey I Can't afford this SSL certificate because you know SSL certificates aren't terribly expensive at least not like the Domain validation lower-level certificates But $40 here in America is quite a different story if you're going to India or Singapore or something like that So the setup of an actual domain validation certificate This is what you'll do. It's just two commands. You're sudoing and in your terminal And if if you want you will literally just follow this And so what happens is that let's encrypt will generate a pair of RSA private key a private key and a public key And they'll contact the certificate authority with your public key The certificate authority will say all right cool. I've got your public key We can move forward and the the program they'll ask your the certificate authority to verify your domain So that's what I was saying when I earlier I like literally clicked a button and said I want an SSL certificate Well once I said that I have to verify that I actually owned my domain, right? I have to confirm that I am actually Nancy Thonkey and I'm not you know Google or whatever And so once I confirm that I actually own my domain The certificate authority will ask a few few questions to verify all of these things Or they'll ask you to perform a few tasks depending on who you're talking to And then you'll you'll install the program and then the certificate authority will say all right cool You're good to go. We can move forward and then they'll they'll create another pair of public key and private key and They'll generate a certificate signing a request So they'll generate it with the public key and then send it to the certificate authority And so it's these are all things that are happening kind of in the back end You're literally just doing these two things But you're also you know just to just so you know there is a lot that goes into it It is fairly simple on the front end now But there are a lot of things and a lot of security protocols that are built into it to make sure everything's working properly And finally once all of this is done and you verified everything then let's encrypt will install the certificate And you'll have the nice shiny green padlock on your site and it'll be glorious so How do you actually encrypt your site like sure you see these these pseudo commands are like damn now I have to do a terminal command and that's not my cup of tea And you're probably not actually like you know You may be on your own your own hosting plan or your your own server But if you're not if you're on a shared hosting plan these are all hosts that That provide SSL or that are cool with SSL certificates Please do keep in mind some of them do require your own IP address like you some of them don't necessarily say yeah shared hosting is cool Some of them do require that you have your own individual IP address Before they'll let you install an IP or install an SSL certificate But all of these guys are out there So you can go to the hall and say hey I have a site on you your server and I want this SSL certificate Please help me and I will be posting these slides online and I'll tweet them out so you guys can have the link But all of those are links to this their respective SSL installation guides or whatever They'll be either blog posts or actual instructions step-by-step Some of them you know require a bit more effort than others But they do these all do at least provide SSL certificates in some way or another You might use a VPS or you might you know have other server setups You might not be on shared hosting if so I would recommend checking out these articles They provide really great introductions and breakdowns to SSL certificates and how to install them on more unique server setups I won't go into that right now And another option is WordPress comm if you are a WordPress comm and you aren't on your own self-hosted WordPress installation Then it's already there. It's been there since March of this year And all all custom domains and all WordPress comm domains have an SSL certificate and they're all HTTPS secure And if you have if you want to learn more you can click all of those links and so The final thing I want to go over a couple final things are the common issues So a really brief overview of what we just went through is that at least let's encrypt is pretty easy to set up It's free to use and it's good for single server setups, right? So it may not necessarily but it may not necessarily work for for more Custom setups, so if you have like a load-balanced setup SSL or it lets encrypt certificate may not be the greatest idea for you But there are lots of other SSL certificate so that you can purchase you don't have to stick with lots and crap and one thing to keep in mind is that Let's encrypt in particular does have require renewal every 90 days, so Generally other certificates last for 180 days or a full year as let's encrypt in particular does require 90 days So just keep that in mind whenever you're doing this It I actually just have like a Google calendar reminder set up just to make sure that I definitely for sure Renew my certificate because once it expires you lose the protection and there's no like There's not really like a buffer period that like slowly eeks away. It's just you're either protected or you're not And do you keep in mind that lots of plugins, especially security plugins may require custom like a Custom setting change of some kind when you when you install an SSL certificate So for jetpack for example or really a lot of plugins be sure that you change your settings So once you go into dashboard settings general make sure that you change your URL because your your URL is no longer HTTP Ooshiny website calm. It's HTTPS So be sure that you do that. Otherwise, you'll have lots of 404 errors and lots of other errors So you just you won't really appreciate and finally a Lot of people are interested in SSL certificates because Google recently said or semi recently said that they were gonna change their search ranking algorithm because well I they are gonna say that that that secure websites are gonna be worth more or they're gonna be ranked higher and That's I mean that's a very valid concern to have like obviously you want to be higher up on Google search results when somebody's looking for a Mechanic or a web developer or whatever But it's not just I mean if Google search rankings are the only thing motivating you I mean, I understand I understand the monetary value of that, but at the same time you do also I mean You you should be Careful at least or care about the people that are visiting your site You should be caring about your audience your viewers and providing that like very simple Layer of security for them because it's not just that you know You want your own site to be secure You want your own personal information to be secure because obviously I don't want my credit card information to be Wandering around the web But you also owe it to other people that don't necessarily, you know If you go to a website and you're giving your credit card information You do expect that your credit card information is going to be kept secure So in that same way like provide that same level of security to people that are visiting your sites and I wanted to go through some FAQs that Disappeared That's cool Okay. All right. Sure Sorry about that. So I Some FAQs, I just wanted to go over really quickly Please feel free to ask any questions once we get to the official question time, but some quick ones So I said it all up. Does that mean that it won't that I won't be hacked No, like never ever, please don't ever think that that's the only thing that will protect your site and you're good to go Please make sure that you're following best practices, especially for your passwords and things like that But just security best practices in general two-factor authentication things like this. Please. Please. Please keep that in mind And then will it make your site slower? No I mean not necessarily if you're if you set up an SSL certificate and suddenly your site goes from You know all the website tests are speed tests are saying yeah, your site's great 90% It's fantastic. You're all green and then suddenly it's like. Oh, yes, you're faster than 11% of sites worldwide There's other things going on if the SSL certificate Installing it made your site do that It's possible that the SSL certificate had something to do with it But most likely it's not it's something else is going on I would highly recommend if you're on a shared hosting platform get in touch with your host That's something else is going on with the server setup If you have a webmaster again touch with them, you know, whatever you need to do But more likely than not it's not your SSL certificate that is that is making it, you know be so slow And finally, what's the difference between let's encrypt and paid SSL certificates? So I've talked about let's encrypt a lot, but there are lots of SSL certificate options It's not like you can you just have to use let's encrypt because that's the coolest thing It is quite nice, but there are lots of paid SSL certificates that you can get but technically they are not actually different so This setup the the actual code setup of what an SSL certificate is and how it's created is the same Whether it's free or you're paying $500 a month The difference is is that those other certificates that are more expensive You'd be using them on more highly traffic sites or if you're dealing with lots of money, right? Then it then it provides things like insurance Like if your site is hacked then you have insurance going into it or you can say hey I swear. I wasn't trying to steal all of my my user's credit card information. I just got hacked, right? So it's not you you're provided other types of information or other types of protection Where that let's encrypt doesn't provide because it's a free SSL certificate It's meant for the everyday user the one that says I'm just a blog, right? So finally some common misconceptions so Authentication There's okay, so there's a guy named Tony Perez. He's pretty awesome. He's really nice guy He runs Securee and he has this really great article. I've linked it in the bottom corner But I'm gonna go over it very quickly that he talks about basically misconceptions that people have about SSL certificates and what it provides In terms of authentication just because you see a little green padlock that says that it's Bank of America comm right? Doesn't necessarily mean that still Bank of America comm not that it it you'll look at like things like The the URL it doesn't say Bank of America comm it says Bank of a America comm Right, it's little things that people can change in the domain and they can still set up an SSL certificate No one no one has stopped or blocked from setting up a SSL certificate and they can pretend So like things like phishing attacks can still happen, right? Just because you see that green padlock doesn't necessarily like Please be aware like like I keep harping on SSL certificates aren't the only like they they don't protect you 100% always and you know forever Also things like integrity Make sure that like sure a SSL certificate does protect man in the middle of tax Technically, but please again be aware like of what you're doing. Don't just trust like random stores online that you know They may say they have a SSL certificate and everything's fine and dandy But you know just be aware of what you're doing is essentially what I will keep saying And finally encryption This is like the key point of all of this if you if you take nothing away from else from this talk Please take this this only encrypts information when it's in transit period that is it Once it gets to wherever you're sending it to they then decide how to handle that information and how to store it so you hear of all of these all these stores that are getting hacked and so these They lost thousands of customers credit card data. It's not because they didn't have SSL certificates They definitely had very robust SSL certificates and great security protocols and everything But once they got the information it was then decrypted because you have to decrypt it to read it And then it was stored in that decrypted manner So now suddenly well all of this information if anyone hacks your database They have all access to all of your unencrypted information So that's like the biggest thing to keep in mind SSL certificates are great for information in transit once it's no longer in transit All bets are off and that that then depends on other security protocols that you should hopefully have in place And so yeah phishing I went over a bit already and nation-state attacks. So basically When you're you should assume that you're all of your information and all of your your communication online is going to be tracked That's kind of a Unfortunate or fortunate depending on the way you're looking at it truth of today The NSA for example tracks all communication. That's not really like Whether you believe in it or agree with it or not. It's it's a it's a truth of today So be careful of what you're doing like if you if you are communicating in any way Then your communications are going to be tracked whether they're actively like monitored That's a whole different story, but they will they will most likely be gathered and stored in some place in the server somewhere So finally, oh, I'm sorry I Allegedly know how to use this thing No, I don't No, not at all. I definitely don't know how to use this thing I'm so sorry finally in conclusion though what I'm trying to say and trying to get to Eventually I Eventually I will get to this what I'm trying to say is that SSL certificates are great. They are great for for getting getting secure it Providing the security to your users or providing the security to yourself But that isn't the only thing that you need to do and that's not the only like there's so many other things that you Need to be doing and that's just I mean SSL certificates are great I'm a huge proponent of them obviously because I'm talking up here and scared slightly out of my mind of messing up And but I'm still talking about it up here to all of you because I don't want you to be scared about setting up an SSL certificate It it seems kind of complicated, but it's not I swear and hey, huh perfect timing. I meant to do that So finally I just wanted to leave you guys with this let's encrypt is I mean it's a it's a It's a huge movement and it's a community and it's all these things They if you want to learn more about let's encrypt specifically like their code they're set up how they're doing all of these things They have a github GitHub page they have all the all the code up there Let's encrypt has a website. They have a forum They have like really like I keep saying they have a really good community of people that are interested in helping you get Set up in helping you figure out what's going on or even just learning more about what the heck is going on And they are actually still crowdfunding. They have almost they have raised very little money But if you do actually get something out of let's encrypt I I mean there's comp funding. I check it out if you want to And finally the sources I used a lot of there's some really fantastic people online that talk about this And they're far more brilliant than I could ever hope to be And I used a lot of the information that they talk about So if you want to learn more and you want to you know learn more than 40 minutes can tell you Check out these articles. There. There is some code involved. It might feel a little over your head in some cases But I promise it's not that complicated So, yeah, if anyone has any questions, I see someone. Oh, no, that's Spencer. Okay, cool. Hi Spencer I'm a someone. Oh, thank you Nancy. Oh five minutes. That's a quick question Nancy thanks for your very timely talk and I have a feeling that 2017 would be the year of SSL at least the rest of the world will find out Just a quick question. Yeah, how difficult or easy is it if you have a host and you have a plan and you have an SSL Set up and you want to change hosts. What's involved in that situation? So there's a lot. Yeah, of course Thanks for asking. So there's a lot of different ways that you can change your host There are a lot of different backup solutions that you can have that you can for example Okay, I work for automatic. So I I support ball press for example And so we help people change hosts all the time and we have an entire setup and there's lots of different Backup solutions that you can do to to change hosts and a lot of hosts like especially your new host will be quite happy to help you Move to them because while you're gonna be paying them a lot of money But there's a lot there can be complications and it sort of depends on the host that you're using as well as the host You're moving to I can't provide like a super in-depth Response to that unfortunately, but if you do run into problems feel free to come and ask me if like if you have a custom setup or anything Hi Nancy, I'm enjoying your talk Our domain is the University of Georgia, but we host owners a different provider So do I need a certificate for the University of Georgia and then by the provider? And so also if we are hosting our media on another server so everything's faster Do you need three certificates? So is your is your main? Domain University of Georgia. Uh-huh, okay So you would need it definitely for the for University of Georgia as for the other media I'm not actually sure. I wish I knew the answer to that because sometimes they share Unsecure photos or something and some of the plug-ins are now saying that's not not good security It's it's definitely far better to have all of it secure period If you have to choose one over the other, I mean I would definitely choose the the main domain, but I Okay, that's actually not fair I would highly recommend just securing all of it because it's just there There's so many other ways that there can be cracks in in your security That and SSL certificate is kind of the easiest simplest level to to get past. All right. Thank you. Yeah Hi My question is just so my site that one of the sites that I work on it uses on like WooCommerce And then we're using PayPal to set up the payment options Is there still benefits to using the SSL certificate if you're using a third-party? So when I first started why I used to freelance develop before before becoming a happiness engineer And I used to just say hey my site is just I mean I'm not I'm personally not taking any payment information so I use strike for example, and so I didn't have an SSL certificate and It was fine for then, but I don't necessarily recommend it anymore for money purposes. Yeah, if you're using PayPal I mean you're quite secure because PayPal is I mean one of the best security money things out there But if you want to have a secure website just in general It goes back to the whole everyone can have an SSL certificate argument So I'm gonna say that you you should have an SSL certificate for your site period As far as the the payment options if you're using PayPal or Stripe or anything like that The payment itself is already secure, and it's great that you're doing that and actually not you know Taking in the money on your own especially as a smaller if you are a smaller business I mean I'm talking about in general if you're a smaller business It's I mean it is a risk that you don't necessarily want to take Because then you are a responsible for all that information that you're you're you're getting so Yeah, of course I didn't see is there a difference between Paying for difference in security on when I pay for something over a Public Wi-Fi network over a private Wi-Fi network if I'm using SSL Or they they both the same level of security like if I wanted to make a payment on like say Amazon at a Starbucks As opposed to making a payment start to Amazon in my own home Would that would there be a difference in security there's okay, so the great. Thank you guys an awesome question And I should have covered it The the great thing about SSL certificates is that it does encrypt your information So it's literally I saw this I heard of this example when I was when I was doing some research And it said it's literally like talking crap about your worst enemy You're like most evil foe of foes in a conference coming to a conference having everyone come and talking about Basically coming up with an encryption setup for talking about this really terrible person that you despise above all else And then talking about them for the entire conference and having that person sit like right there. Sorry. I don't mean that you are Having them sit like right in the front row and have them not know at all what you're what you're talking about, right? So in that sense, yeah, you were your information is technically secure I don't necessarily recommend doing it on a public network Despite that because I mean you're still on a public network. So for example right now if I wanted to if anyone is on their Logging they're on this conference Wi-Fi and they've logged into their site and they don't have HTTPS in theory I could have all of your passwords Like right now period If I wasn't giving this talk, I actually kind of wanted to try that But But not sorry, I don't mean that in any sort of nefarious way at all I but just saying that like when you're on a public network, you are on a public network Um if you but they can't read your information on a public network, right? No, but but they can still like sniff all of the data. They can still like do like once they It is secure because you have an SSL certificate But in terms of best practices for security for yourself Like I personally never log into my bank account on a public network period if I need to I I tether to my phone Or I use a VP like a virtual private network, right? Like I use a VPN or I tether to my phone, but I'm also a lot more Well anal about my security and so I personally wouldn't recommend it But I do understand like if you do you're not in any sort of huge risk Okay, that fair. Yeah, that's that's fine. No one more question Paid a certificate authorities versus less than crypto. I was told I think you said earlier There's no technical differences in that right in terms of how safe they are It's just the only difference is the insurance offered Well, so I mean if you if you look at like paid SSL certificates, they're probably gonna install them for you They're probably gonna upkeep them for you because you're paying the money I would hope so if you're paying the money So there's all of those sorts of benefits There's also like I mentioned on the slide like PR benefits if you are if you do, you know Somehow run into some sort of trouble then you have PR benefits of saying yeah, you have a paid really secure awesome As a cell certificate or you can say to your insurance provider that hey I did everything and more and nothing is wrong and you have the the Peace of mind I guess of saying that like well, they're handling it So if something messed up well, they messed it up not me So there is that benefit but technically it's still an SSL certificate whether it's three dollars or five hundred dollars Okay, so it doesn't matter. Let there's less encrypt certificates are no worse than say like a rapid SSL certificate No, not at all. Okay. Thanks. Yeah Thank you Nancy that's all the time we have for this presentation But I'm sure Nancy will make herself available for questions either now or it sounds like at the jetpack booth for the Rest of the day. Yeah, I'll be here if anyone has any questions I'm also on Twitter at Nancy Thonkey if you want to just like talk to me or you can send me a message on my site or whatever I'm I'm open. Thank you