Do you need SSL?

What is SSL?

SSL stands for Secure Socket Layer, and is a security technology for encrypting information between a web server and a browser. You can tell if a site has SSL because it will have https:// before the domain name instead of plain http://. It will also have a green lock icon in the browser’s address bar.

In order to get this encryption technology, you need an SSL certificate, which can typically be obtained through your web host.

Why would you need SSL?

For many years, the only time you would need SSL is if you were selling goods or services and actually collecting credit card info on your website (as opposed to sending customers to another company’s server, like Paypal). If you were not selling anything or otherwise collecting sensitive information, an SSL certificate was completely unnecessary.

However, Google has changed all that. Thanks Google! (Did you note a touch of sarcasm?)

Google not only started using SSL as a ranking factor (potentially ranking sites with SSL higher than ones without), but now they are also starting to display a message in some browsers that a site is not secure.

Again, for websites that are not collecting sensitive information, security is really not a concern! But most people don’t know that, and could be turned off by that message about an un-secured connection.

How do you get SSL?

Luckily, since Google announced these changes, some hosting companies, including Siteground, Bluehost, and WpEngine, are now offering free SSL certificates through Let’s Encrypt, a free, automated, and open certificate authority. The process to add SSL through Let’s Encrypt could not be easier — usually just a few quick clicks in your web hosting’s control panel.  I am hopeful that as time passes, more and more web hosts will offer Let’s Encrypt. If your host is not offering it, or you aren’t sure if they are, contact them and ask! The more customers they have asking about it, the more likely they are to get on board.

If your host does not offer Let’s Encrypt, you can still install the free certificate using SSL for Free. However, you have to re-key the certificate every 3 months, which is a pain and not something you probably want to deal with. In this case, I’d suggest just paying for an SSL certificate through your host. They tend to run somewhere between $40-$100 per year.

Should you panic if you don’t have SSL?

Absolutely not. SSL is just one of a zillion factors Google considers when ranking websites, so unless you are in tight competition for a specific key phrase, you may not even be affected. The message about a site not being secured is more annoying, and is why I will start recommending everyone get SSL. But if it doesn’t happen for you for a while, it will be ok. When you have a chance, just contact your hosting company to see what they offer, and if possible, have them install a certificate for you.