Do I Need A SSL Certificate For My Website?
Do I need a SSL certificate for my website?
That's a darn fine question, and I'm going to answer that in a just a second.
But before I do, the question I get before getting asked if an SSL certificate is needed on a website is ...
What The Heck Is An SSL Certificate?
Well, SSL stands for Secure Socket Layer and it's digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology.
So that's a fancy way of saying any sensitive information transmitted from your website (browser to server), such as payments using a credit card or login credentials are transmitted securely in a encrypted format and can't be intercepted by anyone.
Basically the data is scrambled up into a undecipherable format and can only be unscrambled into a readable format using the proper decryption key. And the proper decryption key is your SSL certificate.
A SSL certificate contains the following information:
- The name of the certificate holder
- Serial number and expiration date
- A key pair - a public and private key
- A digital signature of the certificates issuing authority
And it's really easy to tell if a site is secure. Look up at my URL - it shows Secure with a green padlock and the address starts with HTTPS. An unsecured site has none of this and will show just HTTP.
So Do You Really Need An SSL Certificate?
If you do accept payments on your website most hosts (the big ones) require you to have a SSL certificate so you have no choice.
But if you're not accepting payments on your website in the past I would have said no you don't need one.
But now, moving forward (2017) even if you don't collect payments on your website you should have an SSL certificate. And here's the 3 BIG reasons why.
1) It Protects Password Logins
So if you have any pages on your site that are password protected, and that includes wordpress sites and Joomla sites - having a SSL will protect you.
You see there are bots out there crawling the internet, and their only job is to find poorly password protected pages on sites so they can gain access to the site. Your Site!!
And if you have a membership site with multiple logins, you really need an SSL certificate because each login is another access point for an unsecured site. A hackers dream site.
You certainly don't want to wake up one morning to find your site has been taken over by some low life hacker.
2) Web Forms
If you're like me you have a contact form on your site. And maybe you have an optin form to build your mailing list. Maybe you have a questionnaire on your site.
It could be anything. Even if you're just collecting the most basic information like a name and email address. I bet it's safe to say that person would not be that thrilled if their information was stolen.
With out a SSL certificate some types of form mail can be intercepted (stolen). Oh sure there is some from code that's stronger then others but hell do you really want to take that chance?
Google announced that it wants to make the internet more secure. Which means if your site has a login or is an eCommerce site it will require a SSL certificate by January 2017 to comply with Google's chrome 56 browser update.
And if your site does not have an SSL certificate and someone is using google chrome as their browser a "Non Secure" warning will popup on your site.
Now you can imagine someone visiting your website and you're not sporting an SSL certificate and this big ass warning pops up?
I bet it's safe to say many of your visitors are not going to stick around. And I'm sure all the secure sites in your niche will quietly thank you for their new website traffic.
Now this warning currently only appears if a non secure site is collecting passwords or credit cards. But it's also been mentioned that any non secure site that has a form - a similar warning message will pop up.
So moving forward even if you never plan on taking payments on your site - your site will be marked as non secure and your visitors will see this warning.
But Not Only That...
It goes without saying having a warning pop up on your site is not going to help you moving forward with your buisness.
Here's the other reason having a SSL certificate is a good thing. It benefits your sites overall SEO. So how does it do that?
Simple - better ranking is the SERPs. (search engine result pages)
Search Engine Land stated on their site way back in 2014 that Google said having a secure site in the future will give your website a better ranking signal. Now this is a low signal, it's a signal non the less. Every little bit helps when it comes to ranking your site.
So this means that sites that are not secure will not have the benefit of this ranking signal. And to me that says those non secure sites will loose ranking and secure sites like mine will gain ranking.
Sounds pretty good to me.
Ok, Where Can You Get A SSL Certificate?
You'll find that your hosting provider will have SSL certificates available to you. And depending on who your host is will determine the cost of the certificate.
For example if you're hsoting with Go Daddy a single SSL certificate will cost you $100 per year. Or you can protect up to 5 websites and that will cost you $218 per year. You do get a discount when you purchase your certificate for the first year.
Now if you host with Hostgator you can buy a single certificate for $40 or you can buy 3 certificates for $80 per year.
As you can see just buy those 2 examples the prices vary big time.
Installing Your SSL Certificate
OK now that you ahve your certificate how do you activate and install it?
There are 2 steps to activating your SSL certificate. The first step is done by your host. It's your host that installs the certificate on to your domain. You can do it yourself but I don't recommend that - let the experts do it for you that way you know it's been done right.
The second step is configuring the certificate on your website. Some hosts will do this for a fee or you can use a plugin for wordpress sites called Really Simple SSL. This is the plugin I used after Hostgator recommended it after they installed my SSL certificate.
You can use the free version but I do recommend paying for the pro version ($59) as it has features that make the migration of your site from non secure to secure very smooth. Plus you have support from the plugin owner Rogier Lankhorst.
Once your site is ready to be migrated it's just a matter of a click of a button inside the really simple ssl plugin and your site is now automatically re-directed to it's secure setting.
So even if someone types in your non-secure domain URL they will be taken to your secure site. This also applies to any links that may be on other sites. So don't worry you don't have to track down those links and change them. Everything re-directs to your secure address.
Don't Forget To Do This
Once your site has been migrated to a secure setting don't forget to update this information in your Google webmaster tools dashboard and to update the setting in your Google analytics.
Update Google Webmaster Tools
Get into your Google webmaster tools dashboard. In the top right corner click Add property.
A popup will appear. Now enter your secured domain name and click Add.
Once you do that you will need to verify your website. Choose any one of the options on the next page. Personally I always use the Domain name provider, it fast and easy. Once your site has been verified it will be added to your webmaster tools dashboard.
Here's the 4 simple steps from Google support for adding a new property to your webmaster tools.
Updating Google Analytics
Changing the the protocol in Google Analytics is really easy. Simply get into your analytics dashboard. And then in the left hand sidebar click on Admin. You'll find it at the bottom of the sidebar.
Once there under the Property column first choose the property (website) you are updating. Now click on Property Settings.
It will open up and then you simply change the default URL to the HTTPS setting. Make sure to save your settings. You'll find the update settings button at the bottom of the page.
How Would You Like A Free SSL Certificate?
On January 3, 2017 the wealthy affiliate announced a new feature to it's ever growing business platform. It announced free SSL certificates on it's SitePlus+ platform.
Now if you're not familiar with the wealthy affiliate you can learn all about it here.
But in a nut shell the wealthy affilaite is a all in one online business building center. Everything you need to build a success online buisness is under one roof.
Free training, hosting, 24/7 support and as mentioned free SSL certificates and so much more. And it's a community I'm very proud to be a member of.
In fact, since 2012 I've been helping people just like you build and grow successful online businesses with everything the wealthy affiliate has to offer.
If you're ready to start building your online business you can check out everything the wealthy affiliate has to offer for free. No commitment, no credit card. Just create a username and password and your in.
If you haven't migrated your site to a secure site, it's something you'll want to jump on right away. You certainly don't want to hold your online business back by not doing so.
I hope you found this post helpful. Of course if you have any comments or questions you can post them below. And if you really like it, share it with your audience. Really I don't mind.
I believe in you!