Lately, there has been a lot of news on the web about SSL certificates. SSL Certificates provide secure, encrypted communications between a website and an internet browser. You can tell if a site has an SSL certificate or not because it has a ‘s’ in the http:// part of the domain name eg https://amazon.com.
What is SSL exactly?
SSL stands for Secure Sockets Layer. This is a protocol which provides the secure encryption. SSL Certificates are typically installed on pages or websites that require end-users to submit sensitive information over the internet like passwords and payment card details. Examples include WordPress login pages, payment pages and online forms.
Why all the fuss?
Recently, Google has announced that it wants all websites to have SSL certificates to make them more secure. The problem is that many older sites do not have certificates installed. To upgrade, an SSL certificate has to be ordered and installed, and there are associated costs. If you want one installed on a newly commissioned site, the design fee for your site is more. For large corporate sites, this is usually not a problem. But for small, non-corporate sites the cost of the SSL certificate adds to the cost of design and the yearly renewal fees as each SSL has to be renewed each year.
SSL certificates and Chrome
Google owns the Chrome browser. As as Google wants all sites to have an SSL certificate (they do not discriminate between the needs of a small brochure site and large corporate sites), they have now installed a warning notice on their browser if you try to access page is requesting sensitive information that does not not have an SSL certificate applied. In the future, other browsers may follow Google’s guidelines.
SSL certificates and SEO
Google is encouraging the use of SSL by giving sites with a certificate installed an SEO boost over competitors. For visitors that use Chrome (Google’s browser), Chrome will display a disconcerting warning if you try to access a page where the content is not secured by SSL such as login pages and pages with forms.
Does my website need an SSL certificate?
If your site has any of the following, it is definitely advisable to have an SSL certificate installed.
- A form* that is processed on your site
- A login page requiring username and password
- A payment facility which asks for credit card details and processes the order** on your site
* Not all forms are actually processed on a website. If the form comes from a 3rd party provider, often the form is secure anyway. It’s usually only forms where the contents are actually processed on your site where the problem arises.
** Note that third party payment gateways such as PayPal are not effected as the sensitive data is processed on the gateway’s website.
Being sensible about SSL
In practice, many small sites do not have forms or payment facilities. Simple brochure websites, artist portfolio sites and author websites are good examples of content not necessarily requiring the belts and braces security SSL provides. If budget is an issue, at the moment, you can probably get away without installing a certificate on such sites. Be aware however, that at some point in the future, SSL certificates may become compulsory.
Also, because of Google gives SEO advantage to sites with SSL installed over sites that do not, you may like install an SSL certificate anyway to benefit from the SEO advantage that SSL certificates offer. Having an SSL certificate also avoids any warning notices on the Chrome browser.
Google eventually wants all sites, regardless of size and content to have an SSL certificate. Although this has security and SEO advantages, it can result in an extra expense which pushes up the cost of a website. Web hosting companies charge for professional level SSL certificates and they have to be renewed each year. If budget is no object, then upgrade straightaway – no risk of warnings on Chrome and a little bit of an SEO boost to your site.
For those on a lower budget, on some sites we can install Let’s Encrypt SSL certificates. These are similar to the professional level SSL certificates but your site is not actually named on the certificate. For a small website with no eCommerce facility, these certificates are perfectly adequate.
Summary – does my site need an SSL certificate?
- Yes, an SSL certificate is advisable, especially if any of your pages request sensitive information (forms, logins, payment card details)
- Sites with SSL installed are given some SEO advantage by Google.
- Sites with SSL installed should not result in a security warning on the Chrome browser.
- Installing a professional level SSL certificate costs money and your website renewal fees will be higher too as the SSL certificate needs to be renewed each year.
- Let’s Encrypt SSL certificates are possible on some sites which do not have an eCommerce facility and are less costly
- SSL certificates are not compulsory on any at the time of writing (Dec 2017)
- Eventually it is likely that SSL certificates will be compulsory on all sites, but not for a few years.
We are facilitating all our customers to transfer to https on request and new customers can be assured that new sites will be offered SSL as standard.