Does my site need an SSL certificate?

You may have noticed your browser warning you when a site you’re visiting isn’t secure. Especially for pages with a web form, browsers like Google Chrome often display the following security statuses in the URL bar:

What does this mean?

Earlier this year many of the top browsers like Google Chrome and Firefox announced they were going to enhance their security requirements. On pages where there are forms for users to complete, like contact forms or product checkout forms, a site needs a valid SSL certificate or users will be notified that the page isn’t encrypted, and warned not to fill the form.

If your site doesn’t have an SSL certificate installed, then, it’s possible that this will negatively impact your business as users are warned off your site.

Read on for more information on what an SSL certificate is, how it helps with security and to assess whether your site requires one.

What is an SSL certificate?

SSL stands for Secure Socket Layer. It helps your customers initiate safe communication with you while browsing pages on your website and buying products.

SSL works like a giant windshield that ensures complete protection of your data when it travels on super highway of information over the internet.

Do I need an SSL certificate for my website?

Here are the benefits of having the extra protection that an SSL certificate provides:

1. Secure payments:

If you accept payments online, then you may require a merchant account. Most merchant accounts need SSL certification before you are approved. Most reliable web hosting companies these days follow specific terms regarding SSL based website security.

Also, you don’t want your customers to worry about having their credit card information stolen while making payments online. Hence, you need an SSL certificate to ensure complete protection of your website checkout page. If a customer trusts your website for making purchases, they are likely to visit again.

2. Protection of logins:

If your website has password protected pages, then ideally you should have SSL certification. Most popular database-driven websites like WordPress and Joomla often use an administrator controlled login page and are often targeted by hackers.

Having an SSL certificate improves your security when logging in to your site, as the information you enter is encrypted.

If you like working in remote places like coffee shops using the public WiFi, then you should have an SSL certificate to encrypt your details while logging in.

3. Secure your web forms:

Even if you are not collecting sensitive data such as credit card information, the warning sign at the top of your websites URL bar that now appears on popular browsers may stop people filling out your web form.

4. Better performance on Search Engines

Google is actively encouraging websites to use https://, and considering SSL a ranking factor for your site. Plus sites with an SSL certificate perform better than sites without certificates – more information here.

In other words, you’re more likely to rank higher for search engines if you use SSL – which means more traffic to your site.

Free vs Paid SSL Certificates

In the past obtaining and installing an SSL was a tricky process and could be quite expensive.

However, Let’s Encrypt (launched in April 2016) have been offering free domain validation (DV) certificates for any qualifying site.

Benefits of Let’s Encrypt Free SSL
  • It’s free. It’s hard to compete on price with something that doesn’t cost a penny. In comparison, GoDaddy‘s and RapidSSL‘s standard SSL costs around £50 per year.
  • Easy to manage – usually obtaining & renewing certificates would be a hassle but if your host supports Let’s Encrypt, issuing a certificate is very straightforward.
  • Offers a similar level of protection to most standard SSL certificates.
When you may require a paid SSL

Let’s Encrypt is the ideal option for most businesses, but there are some circumstances when it would be more advisable to go for a paid standard SSL.

  • If you require more than a domain validated certificate. For example, if you are a professional institution or governmental agency you probably need extended validation, where the certificate is only issued once the organisation provides additional documentation to verify the legitimacy of the company.
  • If you prefer to not have the hassle of renewing every 90 days. The maximum length is 90 days before the certificate needs to be reissued. In most cases, this is straightforward enough, as the host can automatically reissue the certificate. Most other providers allow for terms from 1 to 3 years.

The Next Steps

Please get in touch for us to assess if an SSL certificate is required for your website, and if so, which option we recommend.

Leave a Comment