Does my site need an SSL certificate?

Update: 09/07/2018

Google's latest version of Chrome (due in July 2018) is set to mark all pages of sites without an SSL certificate as 'Not Secure', and not just contact forms. It's time for every website to have a valid SSL certificate installed as soon as possible.

Get in touch with us on [email protected] to see how we can help!

You may have noticed your browser warning you that a site you are visiting is not secure. In particular, if a page has a web form, browsers such as Google Chrome will display the following security statuses in the URL bar:

What does this mean?

Earlier this year, many of the top browsers such as Google Chrome and Firefox announced they were going to enhance their security requirements. On pages where there are forms for users to complete, such as contact forms or product checkout forms, if a site does not have a valid SSL certificate, users will be notified that the page is not encrypted and warn them not to fill the form.

If your site doesn't have an SSL certificate installed, it is likely that this will negatively impact your business, so it's important to know what an SSL certificate is, how it helps with security and whether your site requires one.

What is an SSL certificate?

SSL stands for Secure Socket Layer, and it helps your customers to initiate healthy communication with you while browsing pages on your website and buying products. In other words, SSL works like a giant windshield that ensures complete protection of your data when it travels on super highway of information over the internet.

Do I need an SSL certificate for my website?

Here are the benefits of having the extra protection that an SSL certificate provides:

1. Secure payments:

If you accept payments online, then you may require a merchant account. Most merchant accounts will need SSL certification before you are approved. Most reliable web hosting companies these days follow specific terms regarding SSL based website security.

Also, you wouldn't want your customers to worry about having their credit card information stolen while making payments online. Hence, you need an SSL certificate to ensure complete protection of your website checkout page. If a customer trusts your website for making purchases, they are likely to visit again.

2. Protection of logins:

If your website has password protected pages, then ideally you should have SSL certification. Most popular database driven websites like WordPress and Joomla often use an administrator controlled login page and are often targeted by hackers.

Having an SSL certificate certainly improves your security when logging in to your site, as the information you enter is encrypted.

If you like working in remote places like coffee shops using the public WiFi, then you should have an SSL certificate to encrypt your details while logging in.

3. Secure your web forms:

Even if you are not collecting sensitive data such as credit card information, the warning sign at the top of your websites URL bar that now appears on popular browsers may stop people filling out your web form.

4. Better performance on Search Engines

Google is actively encouraging websites to use https:// and sites with an SSL certificate perform better than sites without certificates - more information here.

Free vs Paid SSL Certificates

In the past obtaining an SSL and installing it was a tricky process and could be quite expensive.

However, Let's Encrypt (launched in April 2016) have been offering free domain validation (DV) certificates for any qualifying site.

Benefits of Let's Encrypt Free SSL
  • It's free. It's hard to compete on price with something that doesn't cost a penny. In comparison, GoDaddy's and RapidSSL's standard SSL costs around £50 per year.
  • Easy to manage - usually obtaining & renewing certificates would be a hassle but if your host supports Let's Encrypt, issuing a certificate is very straightforward.
  • Offers a similar level of protection to most standard SSL certificates.
When you may require a paid SSL

It does seem like Let's Encrypt is the ideal option for most businesses, but there are some circumstances when it would be more advisable to go for a paid standard SSL.

  • If you require more than a domain validated certificate (e.g. if you are a professional institution or governmental agency, then you probably need extended validation, where the certificate is only issued once the organisation provides additional documentation to verify the legitimacy of the company).
  • If you prefer to not have the hassle of renewing every 90 days. The maximum length is 90 days before the certificate needs to be reissued. In most cases, this is straightforward enough, as the host can automatically reissue the certificate. Most other providers allow for terms from 1 to 3 years..

The Next Steps

Please get in touch for us to assess if an SSL certificate is required for your website, and if so, which option we recommend, and the cost of implementing it.