Does My Website Really Need An SSL?

Website security becomes a bigger and bigger issue every year and along with it comes the need to make sure your site is secure. While there’s no real foolproof way to make sure your site is 100% secure, there are measures you can take to make it more difficult for nefarious individuals to get access to your site. One of these is by installing an SSL license enabling a certain level of encryption to and from your site.

What is SSL?

SSL stands for “Secure Socket Layers” which is a special protocol for encrypting the information that travels between a website and its visitors. The SSL makes it much more difficult for criminals to steal sensitive information being sent to and from your website (credit card numbers, passwords etc.) by scrambling the text between their device and your web server.

You can tell if a site has an SSL certificate by looking in the address bar of your web browser and looking for whether or not a site’s address begins with HTTP or HTTPS. The “S” in HTTPS stands for Secure and signifies that an SSL certificate is being used.

The folks over at Lyquix did a great job putting together this simple video to explain how SSL works in “layman’s” terms:

Video by Lyquix

Ok, so how much does it cost?

Acquiring a traditional SSL Certificate isn’t always cheap (upwards of $150 for some traditional certificates). However, over the past few years, a free alternative has hit the market called Lets Encrypt, a nonprofit organization dedicated to creating a more secure and privacy-respecting Web by promoting the widespread adoption of HTTPS. Their service is free and easy to use so that every website can deploy HTTPS.

Let's Encrypt free SSL

Since it’s release, more and more web hosting companies have begun including Let’s Encrypt SSL certificates with their hosting plans, so setting up your SSL and renewing it (Let’s Encrypt needs to be renewed every 90 days) is done automatically without you ever noticing it.

What if I choose not to use an SSL?

You do this at your own risk. If you’re running a basic website without e-commerce or other sensitive information being sent to and from your website, you can probably get away with it. However, as of July 2018, Google has taken an extra step to penalize sites that are transmitted over insecure channels. Google Chrome now displays a “Not Secure” message next to non-HTTPS domains. 

Google's treatment of Pages without SSL as of July 2018
Image from Search Engine Land

What this means is that visitors to your website will now receive a message letting them know that sharing any information with your website is done at their own risk. In regards to online trust, it seems like a no-brainer to me to get your free Let’s Encrypt SSL up and running on your site ASAP!

We’re Here To Help

If you’re having trouble getting your SSL set up on your site, send us a message and we’ll be happy to help however we can.