{"id":187626,"date":"2020-05-07T04:32:52","date_gmt":"2020-05-07T04:32:52","guid":{"rendered":"https:\/\/premium.wpmudev.org\/blog\/?p=187626"},"modified":"2022-04-19T02:57:56","modified_gmt":"2022-04-19T02:57:56","slug":"ssh-vs-ssl","status":"publish","type":"post","link":"https:\/\/wpmudev.com\/blog\/ssh-vs-ssl\/","title":{"rendered":"SSH and SSL: What\u2019s the Difference for Security Sake?"},"content":{"rendered":"<p>When it comes to security online, you want to feel good about sending information across the web. SSH and SSL are here to help keep your information secure. So, what\u2019s the difference between the two?<\/p>\n<p>It might be easy to confuse them. They both consist of three letters, they both start with two \u2018Ss\u2019, and they help keep vital information secure (and more).<\/p>\n<p>But, yes, they are different and your confusion will soon end.<\/p>\n<p>In this article, I\u2019ll be going over all things SSH and SSL.<\/p>\n<p>Keep reading, or jump ahead using these links:<\/p>\n<ul>\n<li><a href=\"#SSH\">What is SSH?<\/a>\n<ul>\n<li><a href=\"#ssh-importance\">What&#8217;s the importance of it?<\/a><\/li>\n<li><a href=\"#ssh-why\">Why do we use it?<\/a><\/li>\n<li><a href=\"#ssh-authenticate\">The Key(s) to the Authentication Process<\/a><\/li>\n<li><a href=\"#ssh-setup-hub\">Setting up SSH in The Hub<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"#SSL\">What is SSL?<\/a>\n<ul>\n<li><a href=\"#ssl-why\">Why do we use it?<\/a><\/li>\n<li><a href=\"#ssl-authenticate\">Authentication Process<\/a><\/li>\n<li><a href=\"#ssl-importance\">What\u2019s the Importance of It?<\/a><\/li>\n<li><a href=\"#ssl-setup-hub\">Getting Set Up in the Hub<\/a><\/li>\n<li><a href=\"#ssl-certifs\">Custom SSL Certificates<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"#tls\">A Little Bit on TLS<\/a><\/li>\n<li><a href=\"#differences\">Differences Between SSH and SSL\/TLS<\/a><\/li>\n<li><a href=\"#summary\">Feel Secure Yet?<\/a><\/li>\n<\/ul>\n<figure id=\"attachment_187643\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-187643\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/05\/Untitled_Artwork.jpg\" alt=\"Dev Man SSH and SSL\" width=\"600\" height=\"300\" \/><figcaption class=\"wp-caption-text\">By the time you\u2019ve read this, confusion will end and all will be revealed.<\/figcaption><\/figure>\n<p>To get started, it\u2019s important to know what SSH and SSL are. So&#8230;<\/p>\n<h2><strong><a id=\"SSH\" target=\"_blank\"><\/a>What is SSH?<\/strong><\/h2>\n<p><a href=\"https:\/\/wpmudev.com\/blog\/what-is-ssh-wordpress\/\" target=\"_blank\" rel=\"noopener\"><strong>SSH<\/strong><\/a> (secure shell) is a way to communicate with a remote computer securely. It\u2019s used for executing commands remotely.<\/p>\n<p>So, for example, if you\u2019re on vacation in the Bahamas, you can access your work website remotely, <a href=\"https:\/\/wpmudev.com\/blog\/terminal-command-line\/\" target=\"_blank\" rel=\"noopener\">perform commands<\/a>, and edit (although, why would you do this on such a great vacation?).<\/p>\n<p>It does this by interacting with another system\u2019s operating shell and functions by using public-key cryptography for connection and authentication.<\/p>\n<p>This makes gaining access to a WordPress site possible in <a href=\"https:\/\/wpmudev.com\/blog\/ultimate-guide-wordpress-security\/\" target=\"_blank\" rel=\"noopener\">a secure way<\/a> to ensure nobody has access to your connection while you\u2019re on it.<\/p>\n<h3><strong><a id=\"ssh-importance\" target=\"_blank\"><\/a>What\u2019s the Importance of It?<\/strong><\/h3>\n<p>It\u2019s important because it secures all of the unsecured networks in the client and server connection.<\/p>\n<p>The client uses the remote host information to initiate a connection, and, when the credentials are verified, it establishes the encrypted connection.<\/p>\n<p>On the server-side, there\u2019s an SSH daemon that\u2019s regularly listening to a specific <a href=\"https:\/\/www.pcmag.com\/encyclopedia\/term\/tcpip-port\" rel=\"noopener\" target=\"_blank\">TCP\/IP port<\/a> for a potential client connection request.<\/p>\n<p>When a client initiates a connection, the SSH daemon will get back to it and reply with the software and the protocol versions it supports.<\/p>\n<p>The two exchange their identification data and (if the credentials pan out) create a new session for the appropriate environment.<\/p>\n<h3><strong><a id=\"ssh-why\" target=\"_blank\"><\/a>Why Do We Use It?<\/strong><\/h3>\n<p>People use SSH to securely communicate with another computer. By using it, the exchange of data is encrypted through the internet pathways.<\/p>\n<p>This ensures that anyone who might see the data, who isn\u2019t supposed to, would not be able to see what was in the data.<\/p>\n<p>With SSH, you can then access sites and use <a href=\"https:\/\/wpmudev.com\/blog\/terminal-command-line\/\" target=\"_blank\" rel=\"noopener\">commands<\/a> to perform various functions (e.g. add a new file from the Bahamas).<\/p>\n<h3><strong><a id=\"ssh-authenticate\" target=\"_blank\"><\/a>The Key(s) to the Authentication Process<\/strong><\/h3>\n<p>The authentication is pretty straightforward and simple.<\/p>\n<p>It starts with creating a key pair, which the user typically does with <a href=\"https:\/\/www.ssh.com\/ssh\/keygen\/\" rel=\"noopener\" target=\"_blank\">ssh-keygen<\/a>. Private keys stick with the user, while the public key goes to the server.<\/p>\n<p>A server stores the public key and marks it as authorized. From this point, a server will now allow access to anyone who can show proof that they have the corresponding private key.<\/p>\n<p>The private key is typically kept private by a user developing a passphrase for it.<\/p>\n<p>Then, when a private key is needed, the user has to supply the passphrase so that the private key can be decrypted.<\/p>\n<figure id=\"attachment_187627\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-187627\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/05\/how-SSH-works.png\" alt=\"how ssh works.\" width=\"600\" height=\"300\" \/><figcaption class=\"wp-caption-text\">How SSH works.<\/figcaption><\/figure>\n<h3><strong><a id=\"ssh-setup-hub\" target=\"_blank\"><\/a>Setting up SSH in the Hub<\/strong><\/h3>\n<p>If you\u2019re new to WPMU DEV or do not have an account with us, <a href=\"https:\/\/wpmudev.com\/hub-welcome\/\" target=\"_blank\" rel=\"noopener\">The Hub<\/a> is where you can manage, update, monitor, scan, and manage WordPress sites, all in one place.<\/p>\n<p>It\u2019s where you can allow SSH authentication, too.<\/p>\n<p>In this example, I\u2019m going to show you how to get SSH quickly set up in our Hub 2.0.<\/p>\n<p>Then, I\u2019ll provide a link to an article of ours that has <strong>a ton <\/strong>of very useful and detailed information that shows how to login to a cloud server, generate a public and private key pair, commands, and everything you need to know for SSH.<\/p>\n<p>Note: If you are not hosting with us, your hosting service should have an admin section where you can upload the public key.<\/p>\n<p>Every hosting service is a bit different, so you may need to reach out to them for assistance.<\/p>\n<p>Ok, back to The Hub&#8230;<\/p>\n<p>When you\u2019re logged into the Hub, select your website and then click on the <strong>Hosting<\/strong> tab.<\/p>\n<figure id=\"attachment_187628\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-187628\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/05\/hub-hosting-tab.png\" alt=\"The Hub hosting tab.\" width=\"600\" height=\"263\" \/><figcaption class=\"wp-caption-text\">Where the hosting tab is in the Hub.<\/figcaption><\/figure>\n<p>Once you click the Hosting tab, more options will appear.<\/p>\n<p>From this point, click on the <strong>SFTP\/SSH<\/strong> tab.<\/p>\n<div class=\"image-grid cgrid-row\">\n<div class=\"cgrid-col cgrid-col-span-full\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-187629\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/05\/ssh-tab-the-hub.png\" alt=\"STFP\/SSH tab.\" width=\"600\" height=\"314\" \/><\/div>\n<p>This takes you to a screen where you can view your <strong>SFTP\/SSH Accounts<\/strong> and <strong>Users<\/strong>.<\/p>\n<figure id=\"attachment_187630\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-187630 size-full\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/05\/SSH-accounts-and-users.png\" alt=\"All the SSH accounts and users.\" width=\"600\" height=\"329\" \/><figcaption class=\"wp-caption-text\">All your SSH accounts and users.<\/figcaption><\/figure>\n<p>For this post, we&#8217;re interested in SSH. For a detailed tutorial on using SFTP, see this post on <a href=\"https:\/\/wpmudev.com\/blog\/sftp-transfer-files-securely\/\" target=\"_blank\" rel=\"noopener\">using SFTP to transfer your files securely<\/a>.<\/p>\n<p>Setting up a new user with an SSH account is quick and easy to do.<\/p>\n<p>First, click on <strong>Add User<\/strong>.<\/p>\n<figure id=\"attachment_187631\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-187631\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/05\/add-ssh-user.png\" alt=\"Add a new SSH user.\" width=\"600\" height=\"272\" \/><figcaption class=\"wp-caption-text\">Add a new SSH user.<\/figcaption><\/figure>\n<p>This will give you two options: <strong>SFTP User <\/strong>or <strong>SSH User<\/strong>.<\/p>\n<figure id=\"attachment_187632\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-187632\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/05\/new-ssh-user.png\" alt=\"SSH user.\" width=\"600\" height=\"102\" \/><figcaption class=\"wp-caption-text\">We\u2019ll go with SSH&#8230;<\/figcaption><\/figure>\n<p>Clicking on SSH User will take you to an area where you fill out specific information for a new user.<\/p>\n<div class=\"image-grid cgrid-row\">\n<div class=\"cgrid-col cgrid-col-span-full\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-187633\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/05\/new-ssh-user-setup.png\" alt=\"New SSH user setup.\" width=\"600\" height=\"365\" \/><\/div>\n<\/div>\n<div>\n<p>Create a <strong>Username <\/strong>and <strong>Password<\/strong> (or use the funky password we&#8217;ll automatically generate for you).<\/p>\n<p>Next up is <strong>Path Restriction<\/strong>. If you like, you can limit the user&#8217;s access to your entire <strong>wp-content <\/strong>directory, or just to your <strong>Plugins<\/strong>, <strong>Themes, and Uploads<\/strong> folder.<\/p>\n<p>If you want no restrictions, just keep it on the default of <strong>None<\/strong>.<\/p>\n<p>You can also choose the <strong>Environment <\/strong>(i.e. <strong>Production<\/strong> or <strong>Staging<\/strong>).<\/p>\n<p>When you have all of the necessary information inputted, click the blue <strong>Add <\/strong>button.<\/p>\n<p><em>That\u2019s it!<\/em><\/p>\n<p>The new user will now appear in the dashboard. He or she will use the information to log into SSH to work on your site with <a href=\"https:\/\/wpmudev.com\/blog\/advanced-wordpress-development-command-line\/\" target=\"_blank\" rel=\"noopener\">commands<\/a> and more.<\/p>\n<p>You can edit the user, password, restrictions, and environment for any user at any time.<\/p>\n<p>There\u2019s a ton you can do with SSH and it\u2019s easy to get started. For more detailed information, please check out <a href=\"https:\/\/wpmudev.com\/blog\/what-is-ssh-wordpress\/\" target=\"_blank\" rel=\"noopener\">our article all about SSH<\/a>.<\/p>\n<p>And now that you know about SSH&#8230;<\/p>\n<h2><strong><a id=\"SSL\" target=\"_blank\"><\/a>What is SSL?<\/strong><\/h2>\n<p>You may not be aware of this, but you\u2019re probably already familiar with it and what it&#8217;s evolved to.<\/p>\n<p>For example, have you ever logged into your checking account or another website (e.g. one about Bahama vacations) and noticed it starts with \u201chttps:\/\/\u201d instead of just \u201chttp\u201d? There\u2019s an \u201cs\u201d. Hmm&#8230;<\/p>\n<p>Or, for an even quicker example, check out the lock to this post here on WPMU DEV from my browser.<\/p>\n<p>You\u2019ll notice in the address bar, we have a lock before our URL. I told you that you were already familiar with it ;)<\/p>\n<div class=\"image-grid cgrid-row\">\n<div class=\"cgrid-col cgrid-col-span-full\">\n<figure id=\"attachment_187634\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-187634 size-full\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/05\/wpmu-dev-ssl-certificate.png\" alt=\"SSL lock on browser.\" width=\"600\" height=\"336\" \/><figcaption class=\"wp-caption-text\">Look familiar?<\/figcaption><\/figure>\n<p><a href=\"https:\/\/wpmudev.com\/blog\/ssl-https-wordpress\/\" target=\"_blank\" rel=\"noopener\"><strong>SSL<\/strong><\/a> (secure socket layer) was the standard security technology for establishing an encrypted link between a server and a browser until 2011 when TLS took over.<\/p>\n<p>This link ensures that all data that is passed between the web server and browser stay private.<\/p>\n<p>When you visit a website that has a form and you fill out your information, <a href=\"https:\/\/wpmudev.com\/blog\/ssl-deployment-strategy-wordpress\/\" target=\"_blank\" rel=\"noopener\">SSL helps keep it secured<\/a>. If you did this on an unsecured website, that information could be intercepted by (yikes) hackers.<\/p>\n<p>It\u2019s often used for user account pages, online checkout, and any site where important or sensitive information is used.<\/p>\n<p>With SSL, your browser will form a connection with the server, look around for an SSL certificate, and then connect together with your browser and the server.<\/p>\n<p>The connection is secure so that only you and the site that you submitted the information can access or see what you input in your browser.<\/p>\n<p>The connection is instant and is typically faster than an unsecured website. If you have a website with SSL, you\u2019ll score much better with SEO as well as security.<\/p>\n<h3><strong><a id=\"ssl-why\" target=\"_blank\"><\/a>Why Do We Use It?<\/strong><\/h3>\n<p>Simply put&#8230;to stay secure!<\/p>\n<p>It\u2019s important that information doesn\u2019t get into the wrong hands and you feel at ease when transmitting personal information online.<\/p>\n<p>Otherwise, some crook might take that money you were going to use on vacation and go on one himself.<\/p>\n<h3><strong><a id=\"ssl-importance\" target=\"_blank\"><\/a>What\u2019s the Importance of It?<\/strong><\/h3>\n<p>It\u2019s important to keep information safe when online.<\/p>\n<p>With SSL, sensitive information is sent across the Internet encrypted. That means only the intended receiver can access it.<\/p>\n<p>Also, an SSL certificate provides authentication. This ensures that you\u2019re sending the information to the right place and not some hacker who is trying to swipe your information.<\/p>\n<p>SSL providers are important to help verify a company. They use several identity checks to make certain that the website is who they say they are.<\/p>\n<h3><strong><a id=\"ssl-authenticate\" target=\"_blank\"><\/a>Authentication Process<\/strong><\/h3>\n<p>A browser or a server will attempt to connect to a website with SSL. The browser then asks (requests) that the web server identifies itself.<\/p>\n<p>The web server will then send the browser (or server) a copy of its SSL certificate.<\/p>\n<p>The browser checks it out to make sure it can trust it. If it can, it sends a message to the webserver.<\/p>\n<p>From here, the webserver sends back an acknowledgment that\u2019s digitally signed. This starts an SSL encrypted session.<\/p>\n<p>Data between the browser\/server and the secure SSL server is shared securely because it\u2019s encrypted.<\/p>\n<figure id=\"attachment_187717\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-187717 size-full\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/05\/SSH_v_SSL_2-1.png\" alt=\"How SSL works.\" width=\"600\" height=\"300\" \/><figcaption class=\"wp-caption-text\">How SSL works.<\/figcaption><\/figure>\n<h3><strong><a id=\"ssl-setup-hub\" target=\"_blank\"><\/a>Getting Set Up in the Hub<\/strong><\/h3>\n<p>This is extremely easy to set up because, well, <strong>it\u2019s already done for you!<\/strong><\/p>\n<p>All websites that are hosted with WPMU DEV are provided with SSL certificates.<\/p>\n<p>Considering how unsafe unsecured sites are, it\u2019s essential for us to provide members with this automatically.<\/p>\n<p>You can see the SSL status of your site by clicking on your website\u2019s URL, then <strong>Hosting<\/strong>&gt;<strong>Domains<\/strong>.<\/p>\n<figure id=\"attachment_187636\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-187636\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/05\/SSL-Status.png\" alt=\"Where you can see your SSL status.\" width=\"600\" height=\"252\" \/><figcaption class=\"wp-caption-text\">Where you can see your SSL status.<\/figcaption><\/figure>\n<p>It will have a green checkmark underneath SSL status if all is running well.<\/p>\n<p>Keep in mind that when you add a site, it may take several minutes for a certificate to be ready.<\/p>\n<p>Sometimes the process can take hours or, in very rare cases, an entire day. It just depends on how fast your DNS settings propagate.<\/p>\n<p>Our <a href=\"https:\/\/wpmudev.com\/blog\/adding-free-ssl-https-wordpress\/\" target=\"_blank\" rel=\"noopener\">SSL certificates<\/a> come from <a href=\"https:\/\/letsencrypt.org\/\" rel=\"noopener\" target=\"_blank\">Let\u2019s Encrypt<\/a>. It\u2019s totally free for you and we renew them every three months.<\/p>\n<h3><strong><a id=\"ssl-certifs\" target=\"_blank\"><\/a>Custom SSL Certificates<\/strong><\/h3>\n<p>Adding a custom SSL is an option for you as well with our hosting.<\/p>\n<p>The first thing you\u2019ll need to do is submit a <strong>Certificate Signing Request (CSR)<\/strong> to a <strong>Certificate Authority<\/strong>. Certificate providers (e.g. <a href=\"https:\/\/csrgenerator.com\/\" rel=\"noopener\" target=\"_blank\">CSR Generator<\/a>) usually have tools or can assist you in generating the CSR.<\/p>\n<p>When you obtain the CSR, it\u2019s important to save a copy of the <strong>Private Key<\/strong>.<\/p>\n<p>Now, you\u2019ll use the CSR to <a href=\"https:\/\/wpmudev.com\/blog\/ssl-certificate-authorities-reviewed\/\" target=\"_blank\" rel=\"noopener\">purchase the<strong> SSL certificate<\/strong><\/a>. This will give you a <strong>Private Key<\/strong>, <strong>Certificate<\/strong>, and <strong>Certificate Chain<\/strong>.<\/p>\n<p>Your SSL provider should be able to provide you with this information if they create a CSR with their interface.<\/p>\n<p>Keep in mind, you can use <a href=\"https:\/\/en.wikipedia.org\/wiki\/Wildcard_certificate\" rel=\"noopener\" target=\"_blank\">wildcard SSL<\/a> certificates, too.<\/p>\n<p>Our team can upload those for you exactly like non-wildcard certificates.<\/p>\n<p>Also, our support staff can help with adding custom certificates. You can start a live chat or create a support ticket. Either way, we\u2019ll get you all set up.<\/p>\n<p>To learn more about SSL, be sure to check out our article <a href=\"https:\/\/wpmudev.com\/blog\/ssl-https-wordpress\/\" target=\"_blank\" rel=\"noopener\">How to Use SSL and HTTPS with WordPress.<\/a><\/p>\n<h2><strong><a id=\"tls\" target=\"_blank\"><\/a>A Little Bit on TLS<\/strong><\/h2>\n<p>Whenever you see SSL being mentioned, you\u2019ll often see TLS, too.<\/p>\n<p>So, what\u2019s TLS?<\/p>\n<p><strong>TLS (Transport Layer Security)<\/strong> is the standard security protocol that is designed to facilitate privacy and data security over the Internet.<\/p>\n<p>It encrypts the information that is being communicated between web applications and servers (e.g. web browsers loading a website).<\/p>\n<p>You often see the name SSL\/TLS used interchangeably. TLS is basically an upgraded version of SSL. However, there are a few minor distinctions.<\/p>\n<p>Here are five of them:<\/p>\n<ol>\n<li><strong>Alerts:<\/strong> TLS protocol is to remove the alert message. It replaces it with several other alert messages. Meanwhile, SSL has a <strong>No Certificate <\/strong>alert message.<\/li>\n<li><strong>Cipher Suites:<\/strong> TLS doesn\u2019t offer any support for <a href=\"https:\/\/en.wikipedia.org\/wiki\/Fortezza\" rel=\"noopener\" target=\"_blank\">Fortezza cipher suite<\/a>, however, SSL does. TLS follows an improved standardization process that helps make defining of new cipher suites simpler (e.g. <a href=\"https:\/\/en.wikipedia.org\/wiki\/RC4\" rel=\"noopener\" target=\"_blank\">RC4<\/a>).<\/li>\n<li><strong>Handshake:<\/strong> With SSL, the hash calculation additionally encompasses the master secret and pad. With TLS, the hashes are calculated over the handshake message.<\/li>\n<li><strong> Record Protocol:<\/strong> TLS uses <a href=\"https:\/\/en.wikipedia.org\/wiki\/HMAC\" rel=\"noopener\" target=\"_blank\">HMAC<\/a>, which is a hash-based message authentication code. It\u2019s used after each message encryption. SSL uses Message Authentication Code (<a href=\"https:\/\/en.wikipedia.org\/wiki\/Message_authentication_code\" rel=\"noopener\" target=\"_blank\">MAC<\/a>) after encrypting each message.<\/li>\n<li><strong>Message Authentication<\/strong>: TLS depends on HMAC Hash-based Message Authentication Code while SSL authenticates by adjoining the key details and application data in an ad-hoc way.<\/li>\n<\/ol>\n<p>As you can see, they\u2019re different but are also very similar in nature.<\/p>\n<p>You also now know why you often see SSH\/TLS together. TLS fixes some of the security vulnerabilities in the earlier SSL protocols.<\/p>\n<p>Something to remember is that your certificate is not exactly the same as the protocol that your server will use. That means you do not need to change your certificate to use TLS.<\/p>\n<p>Sure, it may be labeled as an SSL certificate, but your certificate already supports both the SSL and TLS protocols.<\/p>\n<p>If you\u2019d like to check out what version of SSL\/TLS your web browser is using, you can cruise over to the <a href=\"https:\/\/www.howsmyssl.com\/\" rel=\"noopener\" target=\"_blank\">How\u2019s My SSL<\/a> tool. It\u2019ll show you instantly.<\/p>\n<p>TLS is going to become more and more common of a term than SSL soon, so get used to it. After all, TLS is the standard.<\/p>\n<h2><strong><a id=\"differences\" target=\"_blank\"><\/a>Differences Between SSH and SSL\/TLS<\/strong><\/h2>\n<p>Now that we\u2019ve looked at SSH and SSL\/TLS &#8212; what are the similarities and differences?<\/p>\n<p>I\u2019ve gone over how they function and what they do, however, the big takeaway is they both use encryption to protect data that is being passed between two network devices.<\/p>\n<p>Here\u2019s a quick breakdown of some of the essential differences between the two:<\/p>\n<figure id=\"attachment_187637\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-187637\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/05\/Comparison_Table_SSH_SSL.png\" alt=\"SSH vs SSL\/TLS\" width=\"600\" height=\"771\" \/><figcaption class=\"wp-caption-text\">SSH vs SSL\/TLS<\/figcaption><\/figure>\n<p>While we are comparing security protocols and acronyms that start with &#8220;s,&#8221; the other protocol you should know about is when to use <strong>SSH<\/strong> vs <strong>SFTP<\/strong>.<\/p>\n<p>This is important if you plan to access files on your hosting server securely. Fortunately, we have written an entire article about it here: <a href=\"https:\/\/wpmudev.com\/blog\/sftp-transfer-files-securely\/\" target=\"_blank\" rel=\"noopener\">What is SFTP? How to Transfer Your Files Securely<\/a>.<\/p>\n<h2><strong><a id=\"summary\" target=\"_blank\"><\/a>Feel Secure Yet?<\/strong><\/h2>\n<p>Security has many layers and differences, as you can see. A strong password isn\u2019t the only thing that\u2019s going to protect you.<\/p>\n<p>Both SSH and SSL have their unique purposes and do what they can to help.<\/p>\n<p>SSL is the primary requisite of security on the web, SSH is an added safety feature of it. When you add TLS into the mix, all three of them render strong and mighty security and safer communication in the web hosting process.<\/p>\n<p>SSH does have some additional features, such as providing multiple data channels to its applications.<\/p>\n<p>It supports the execution of remote programming, TCP connections, and more, which makes it often used by web hosting companies as the sole security protocol.<\/p>\n<p>However, when implemented correctly, they all work well to help keep your information secure.<\/p>\n<p>Throw some <a href=\"https:\/\/wpmudev.com\/hosting\/\" target=\"_blank\" rel=\"noopener\">good hosting<\/a> and take other measures (e.g. install our <a href=\"https:\/\/wordpress.org\/plugins\/defender-security\/\" rel=\"noopener\" target=\"_blank\">Defender plugin<\/a>), and you\u2019ll have a knockout system of security for the web.<\/p>\n<p>And now the big difference between SSH and SSL is you\u2019re no longer confused by them.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>When it comes to security online, you want to feel good about sending information across the web. SSH and SSL are here to help keep your information secure. So, what\u2019s the difference between the two? It might be easy to confuse them. They both consist of three letters, they both start with two \u2018Ss\u2019, and [&hellip;]<\/p>\n","protected":false},"author":811449,"featured_media":187645,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"blog_reading_time":"13","wds_primary_category":0,"wds_primary_tutorials_categories":0,"footnotes":""},"categories":[263,11260,11259],"tags":[],"tutorials_categories":[11233],"class_list":["post-187626","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorials","category-wpmu-dev-products","category-wpmudev-tutorials","tutorials_categories-hosting"],"_links":{"self":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts\/187626","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/users\/811449"}],"replies":[{"embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/comments?post=187626"}],"version-history":[{"count":28,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts\/187626\/revisions"}],"predecessor-version":[{"id":209299,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts\/187626\/revisions\/209299"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/media\/187645"}],"wp:attachment":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/media?parent=187626"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/categories?post=187626"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/tags?post=187626"},{"taxonomy":"tutorials_categories","embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/tutorials_categories?post=187626"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}