Do I need an SSL certificate? Here’s why SSL is essential for websites in 2018

Home / Web Development / Do I need an SSL certificate? Here’s why SSL is essential for websites in 2018

SSL is essential for websites in 2018

What is SSL?

In simple terms, SSL is a certificate that encrypts all the data sent by your computer and the website you are visiting. This means no one can intercept and steal the information you are sending – particularly important for any website where you enter personal data. All SSL encrypted websites use the “https” in the website URL instead of “http” – the “s” stands for “secure”.

That sounds good, so what are the benefits to having SSL on my website?

Improve your Google rankings

Back in 2014 Google clearly stated that SSL was a ranking factor. Since that time, SEOs have argued about its importance, but the thing to always remember when considering Google’s algorithm is user experience. Is a secure website better for users? Yes. Therefore you can bet Google considers it important. We also know that Google’s ideal scenario is to have a 100% secure internet in the future, and when Google has a plan, it uses its power to enforce it, either by rewarding sites that cooperate or penalising websites that refuse to conform. When we conduct SEO audits for clients, an SSL certificate is one of the first items on our checklist.

Google Chrome v68 will mark all non-SSL websites as “Not Secure” starting July 2018

As Google announced in February 2018, the latest version of the Google Chrome web browser (version 68) released last month will start marking all websites still using the old “http” protocol as insecure, even if they’re not collecting any user data. Chrome has been adding this label to any non-SSL website that asks a visitor to enter data, but from now on it applies to every single website that lacks an SSL certificate. Considering Google Chrome enjoys a 59% market share (source: Statcounter) this reason alone is enough to use SSL on your website.

SSL is now free

You heard us, SSL is free. Since Google started its crusade against insecure websites, many resourceful techies have been hard at work making sure everyone can afford it, by making SSL completely free. With the launch of Let’s Encrypt in 2016 and free SSL certificates from Comodo and cPanel offered out of the box, many web hosts now offer free domain-validated SSL with every hosting account. If your web hosting provider isn’t offering you free SSL then it’s time to switch to one that does – like our friends at HostAsean.com.

SSL protects you and your users

If you use WordPress without SSL then you’ll be sending your username and password in plain text over the network whenever you log into the admin area. How many times have you logged into your website when using public Wi-Fi at a coffee shop, hotel, or airport? If you’re anything like the average user then the answer is a lot. Every time you do this on a website without SSL then you risk having your password stolen because anyone on the same network could be snooping and intercept your plain text login. Having a SSL certificate on your website puts a stop to this risk. If your password is encrypted by the SSL certificate, it doesn’t matter if someone steals it – they can’t use it without being able to decrypt it.

In many countries you will likely have a legal obligation to protect your customers’ data and privacy. Not using SSL on a website that asks for any personal data could be a huge liability for your business.

Are there any reasons NOT to have a SSL certificate?

Not really, but in the interest of a balanced argument here are two plausible reasons.

Laziness

It’s certainly easier to not have it, so that counts for something right? In our opinion, if laziness ever becomes a legitimate motivating factor in your business, an SSL certificate may be the least of your problems!

Microscopic speed increase / reduced server overhead

I’m hesitant to even mention this as it makes it sound like a legitimate concern. But technically it is true – there is a slight delay called the SSL “handshake” that occurs while a web browser connects to an SSL website. That process can add 100 milliseconds to your connection time. That’s 0.1 seconds. Additionally, the server has to work slightly harder as serving a https request takes a tiny bit more resources than a http request.

We’re usually all about site speed but in this case you are only shaving off milliseconds while giving up some significant benefits, and it’s simply not worth it. With modern hardware, the difference is so microscopic that any benefit won’t even be noticed.

Remember to redirect the HTTP version of your website to HTTPS

Don’t forget that once you install your SSL certificate you’ll want to 301 redirect your http site to https for SEO purposes, otherwise Google can treat the two sites independently and penalise one for duplicate content. Try this code snippet in your .htaccess file.

#This will work if your website uses "www":
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Do I need an SSL certificate?  Our advice: just do it!

Ultimately it’s your choice, but not using SSL is a potentially dangerous choice. It will harm your website and risk your data, while using SSL is a good choice that will benefit it and keep you safe. At Blak Ink Media we consider an SSL certificate to be essential. There are obvious reasons why it’s practical to make the change now but ultimately, we don’t call the shots when it comes to world standards. Google has long established itself as the internet police, and if Google loves HTTPS, you should to.

Comments(0)

    Leave a Comment