SSH vs SSL – A Beginner’s Guide
WordPress has done a great job at making it possible for the average person to create and run a decent-looking website that works. Sure, lots of it has to do with the availability of things like professional-grade premium themes, and the variety of plugins that will help with running the website.
Still, however, there is tons of stuff that a fledgling website owner or an admin needs to learn. While things like lists of SEO-related terms are undoubtedly important down the line, things that have to deal with security usually take precedence. This is why learning the difference between SSH and SSL – even if it’s just on a beginner’s level – is better done sooner than later.
So here you are, and here’s what you’ll learn:
We’ll kick off the guide with the slightly more familiar term – SSL. If you’ve ever been online and noticed a web address that starts with “HTTPS” instead of “HTTP,” you’ve seen SSL in work. That “S” at the end of “HTTPS” means that the website has employed an extra security layer to keep the communication between you – your browser, as that’s how you’re most likely accessing the website – and itself.
SSL is short for Secure Sockets Layer, and it’s the technology that’s used to give the web address that all-important “s” which indicates that the communication with that website will be encrypted and safe from the prying eyes of various nefarious parties.
Even though you’ll often hear about the importance of SSL and getting SSL certificates, if you dig a bit deeper into it, you’ll find that you’re using something called TLS, or Transport Layer Security, instead of SSL. TLS is the newer version of the protocol, and even though it’s been in use for a while, people are just so used to SSL that it stuck. At best, you’ll find mentions of SSL/TLS.
The key takeaway here is that SSL is something you’d use to enable safe communication – protect transferred data – on a network.
SSH stands for Secure Shell, a type of protocol that’s used to remotely connect to and control a server. It has nothing to do with the web address – SSH doesn’t come into play during casual web browsing. This is the type of security protocol that affects only the people who connect to servers remotely with the purpose to execute commands and transfer files, and that’s something website administrators tend to do.
Here’s an example that might illustrate this the best. When you’re accessing your website using an FTP client – something you’d only do if you’re administering the website, not just browsing it – your FTP client might give you the option to use either FTP or SFTP. Both of them are protocols – FTP stands for File Transfer Protocol. The “S” in “SFTP” stands for “secure,” and it gets that security by employing a Secure Socket Shell, or Secure Shell, or SSH. So this is where you can encounter SSH in the wild.
The key takeaway here is that SSH is something you’d use to provide a safe communication environment between you and the server in situations where you have to issue commands or transfer data.
First of all, let’s acknowledge that SSH and SSL have some things between the two that make them easy to confuse or conflate. It’s not just because they share two of the three letters of their acronyms. They are both security features that have something to do with communicating with a website. Those might suffice to warrant a question along the lines of “which is better – SSH or SSL?”, and that might be a problem because you can’t compare SSH and SSL like that.
Sure, both are important security features, but their use cases are completely different. You’ll use SSH to secure a connection with a server so that you can do the behind-the-scenes things that are necessary for the running of a website. You’ll use SSL, however, when you decide to access your website’s front end and see it the way regular users see it – with a layer of security.
There are also lots of different implications of using both. SSH is all about security – it keeps the target as narrow as possible and greatly improves the security and integrity of the files on your server. SSL, while keeping things like passwords and credit card numbers safe from snooping, also improves your website’s trust, contributes to SEO, and it might also help with legal compliance.
If you’re a web administrator, a person in charge of running and maintaining a website, you shouldn’t ask whether SSH is better than SSL. You should be asking how you can get both of them. Having an SSL certificate is rapidly becoming a standard that’s much easier and more beneficial to comply with than to sit on the fence – even if you don’t require users to leave any information on your website.
The good news is that getting an SSL certificate doesn’t have to cost you a single cent. You can add a free SSL certificate to your WordPress website easily, or at least as easily as your hosting provider is willing to make it. So before you decide to do anything on your own, you should check with your hosting provider whether they’re already offering a free SSL certificate and what’s the procedure for installing it.
It’s a slightly different story with SSH. SSH lets you make changes on a server, and that won’t sit well with every hosting provider. They might be in the right, too – letting an unqualified admin play around with the types of commands you’d get with SSH can easily lead to broken websites, support requests, and resources spent to fix a mistake that could have easily been prevented.
If you have a shared hosting plan, chances are your provider won’t have SSH, or they’ll have a limited version without the juiciest features. You can try to enable one on your own, but you should always make sure that you know what you’re doing, and that you won’t be breaking your host’s terms of service.
Let’s Wrap It Up!
When you’re in charge of a WordPress website, it’s your job to make sure that it has all the relevant safety and security features that will protect the website and you as its owner, as well as the people who visit and use it. SSH and SSL are two different technologies you can use, at the same time, to beef up the security of your website. So remember – with SSH and SSL, the question is not “either-or,” it’s “how to get both?”.