Do I Really Need an SSL Certificate for My Website?
As a website owner, you’ve likely heard the term “SSL Certificate” thrown around - particularly from your web developer or other digital agencies.
So, what’s the big deal?
We’ll break it down for you and give you all the information you need to determine whether or not it is really important for your website.
What is an SSL Certificate?
An SSL (or Secure Sockets Layer) Certificate encrypts information and allows it to pass securely from your website to an internet browser. All forms - contact, subscription, payment information, etc. - on your website pass information along through the internet and need this secure encryption to keep the information protected from outside threats.
Visit any website and look at the URL in the search bar. What does it say? A website with a secure encryption - SSL Certificate - will use “https” at the start of their URL where a site that doesn’t have one will simply use “http” or won’t list the prefix at all.
Currently, Google Chrome is even labeling many websites as “Secure” or “Not Secure”, dependent on whether or not they have an SSL certificate.
This encryption is especially important for eCommerce sites, or any sites that accept online payments or collect personal identifying information. But what if your site doesn’t meet that criteria?
In the past, only the above mentioned types of websites needed to have this secure encryption on their site. It didn’t really matter for websites that weren’t collecting sensitive information. They weren’t putting anyone at risk by not securing their site.
But times are changing...
As of the end of July 2018, Google Chrome is labeling many websites as “Not Secure” if they don’t have an SSL Certificate (shown above). That can be unnerving to consumers when they happen upon a site that is flagged.
Not everyone is knowledgeable about what that “Not Secure” means. Can someone hack me just by being on this site? Am I at risk for visiting an unsecure website? What information is being taken from me right now? These are some of the thoughts consumers have when they see this.
Even though that “Not Secure” simply means you don’t have an SSL Certificate, and it won’t affect website users if you aren’t collecting information from them, people don’t know that and it could impact your web traffic and visibility.
That “Not Secure” label can be as damaging as a bad review. Consumers can lose trust in your website and go to a website where they do feel “secure”.
What are the benefits of an SSL Certificate?
Aww, yes, the benefits. We’ve told you how not having an SSL Certificate is bad for you, but what good will it do for you?
For one, any information passed between your website and the server is encrypted, protecting it from hackers. This is essential if you take payments on your website or collect sensitive information, like an eCommerce site or medical practice. Even if you only take emails or phone numbers and a name, it’s better to be safe than risking your customers’ information getting stolen.
Google wants the internet to be safe for everyone. So, they are, in essence, almost forcing our hand to switch over to “HTTPS” by making it a ranking signal for search engine optimization. While it doesn’t have a large impact on SEO (you won’t get to page 1 just for adding this), it does offer some value to your search engine rankings.
Keep Your Traffic
If you have an SSL Certificate, you won’t scare away traffic with the “Not Secure” flag that Google is so intent on using. It will help you build trust with your website users and help them feel safe in coming back.
Check out this page to see each phase of changes Google is making to non-secure URLs and when they will take place.
How do I get an SSL Certificate?
There are a few different ways you can go about this, but there is one that we like best. Why? Because it’s free! (Mostly.)
Let’s Encrypt is a free certificate authority provided by the Internet Security Research Group. With sponsors like Google Chrome and Facebook behind it, we recommend this to all of our clients and anyone who doesn’t have an SSL Certificate.
This service is free and automated, with no annual fees like many traditional certificate authorities have. However, if you don’t know how to set it up yourself, there could be a small fee for labor if you choose to enlist a developer’s help. We charge a $30 one-time fee for setting up the encryption.
Let’s Encrypt certificates do only have a lifetime of 90 days, but you can set them up so they automatically renew if you don’t want to do so manually.
For more information about how Let’s Encrypt works, visit their documentation page.
If you are serious about getting an SSL Certificate on your website--and we highly recommend that you do--Let’s Encrypt is the best option out there to keep costs low (or non-existent) and your website secure.