Does my site need an SSL certificate?

Drijen Shah
July 19, 2017
1:24 pm
No Comments

Update: 09/07/2018

Google’s latest version of Chrome (due in July 2018) is set to mark all pages of sites without an SSL certificate as ‘Not Secure’, and not just contact forms. It’s time for every website to have a valid SSL certificate installed as soon as possible.

Get in touch with us on [email protected] to see how we can help!

You may have noticed your browser warning you that a site you are visiting is not secure. In particular, if a page has a web form, browsers such as Google Chrome will display the following security statuses in the URL bar:

What does this mean?

Earlier this year, many of the top browsers such as Google Chrome and Firefox announced they were going to enhance their security requirements. On pages where there are forms for users to complete, such as contact forms or product checkout forms, if a site does not have a valid SSL certificate, users will be notified that the page is not encrypted and warn them not to fill the form.

If your site doesn’t have an SSL certificate installed, it is likely that this will negatively impact your business, so it’s important to know what an SSL certificate is, how it helps with security and whether your site requires one.

What is an SSL certificate?

SSL stands for Secure Socket Layer, and it helps your customers to initiate healthy communication with you while browsing pages on your website and buying products. In other words, SSL works like a giant windshield that ensures complete protection of your data when it travels on super highway of information over the internet.

Do I need an SSL certificate for my website?

Here are the benefits of having the extra protection that an SSL certificate provides:

1. Secure payments:

If you accept payments online, then you may require a merchant account. Most merchant accounts will need SSL certification before you are approved. Most reliable web hosting companies these days follow specific terms regarding SSL based website security.

Also, you wouldn’t want your customers to worry about having their credit card information stolen while making payments online. Hence, you need an SSL certificate to ensure complete protection of your website checkout page. If a customer trusts your website for making purchases, they are likely to visit again.

2. Protection of logins:

If your website has password protected pages, then ideally you should have SSL certification. Most popular database driven websites like WordPress and Joomla often use an administrator controlled login page and are often targeted by hackers.

Having an SSL certificate certainly improves your security when logging in to your site, as the information you enter is encrypted.

If you like working in remote places like coffee shops using the public WiFi, then you should have an SSL certificate to encrypt your details while logging in.

3. Secure your web forms:

Even if you are not collecting sensitive data such as credit card information, the warning sign at the top of your websites URL bar that now appears on popular browsers may stop people filling out your web form.

4. Better performance on Search Engines

Google is actively encouraging websites to use https:// and sites with an SSL certificate perform better than sites without certificates – more information here.

Free vs Paid SSL Certificates

In the past obtaining an SSL and installing it was a tricky process and could be quite expensive.

However, Let’s Encrypt (launched in April 2016) have been offering free domain validation (DV) certificates for any qualifying site.

Benefits of Let’s Encrypt Free SSL

It’s free. It’s hard to compete on price with something that doesn’t cost a penny. In comparison, GoDaddy‘s and RapidSSL‘s standard SSL costs around £50 per year.
Easy to manage – usually obtaining & renewing certificates would be a hassle but if your host supports Let’s Encrypt, issuing a certificate is very straightforward.
Offers a similar level of protection to most standard SSL certificates.

When you may require a paid SSL

It does seem like Let’s Encrypt is the ideal option for most businesses, but there are some circumstances when it would be more advisable to go for a paid standard SSL.

If you require more than a domain validated certificate (e.g. if you are a professional institution or governmental agency, then you probably need extended validation, where the certificate is only issued once the organisation provides additional documentation to verify the legitimacy of the company).
If you prefer to not have the hassle of renewing every 90 days. The maximum length is 90 days before the certificate needs to be reissued. In most cases, this is straightforward enough, as the host can automatically reissue the certificate. Most other providers allow for terms from 1 to 3 years..

The Next Steps

Please get in touch for us to assess if an SSL certificate is required for your website, and if so, which option we recommend, and the cost of implementing it.

Cookie	Type	Duration	Description
__cfduid	persistent	1 year	The cookie is set by CloudFare. The cookie is used to identify individual clients behind a shared IP address d apply security settings on a per-client basis. It doesnot correspond to any user ID in the web application and does not store any personally identifiable information.
__stripe_mid	persistent	1 year	Stripe is used to making credit card payments. Stripe uses a cookie to remember who you are and to enable the website to process payments without storing any credit card information on its own servers. More information: https://stripe.com/gb/privacy
__stripe_sid	persistent	30 minutes	Stripe is used to making credit card payments. Stripe uses a cookie to remember who you are and to enable the website to process payments without storing any credit card information on its own servers. More information: https://stripe.com/gb/privacy
cookielawinfo-checkbox-advertisement	persistent	1 year	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given their consent to the usage of cookies under the category 'Advertisement'.
cookielawinfo-checkbox-analytics	persistent	1 year	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Analytics'.
cookielawinfo-checkbox-necessary	persistent	1 year	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Necessary'.
cookielawinfo-checkbox-performance	persistent	1 year	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Performance'.
cookielawinfo-checkbox-uncategorized	1 year	persistent
JSESSIONID	third party		Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
m	third party	9 years	Set by Stripe. Determines the device used to access the website. This allows the website to be formatted accordingly. https://stripe.com/gb/privacy
referrer_user_id	1	2 weeks
thrivecart	third party		This cookie is set by ThriveCart, our shopping cart system used to collect payments from our clients.
viewed_cookie_policy	persistent	1 hour	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Type	Duration	Description
_ga	persistent	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. Google's privacy policy
_gat_gtag_UA_124606883_1	persistent	1 minute	Google uses this cookie to distinguish users.
_gat_UA-124606883-1	persistent	1 minute	Used by Google Analytics to throttle request rate
_gid	persistent	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.