Does My Site Need SSL?

One of your most important responsibilities as a site owner is to ensure your users’ data and privacy are secure. Additionally, you want your site to rank well in search engines and have high conversion rates. SSL, or Secure Sockets Layer, are the first step you can take towards accomplishing all those goals.

What is SSL?

Whenever you are browsing the internet, data is being sent between your computer and the server the website you are visiting is hosted on. This data has to pass through a variety of networks and connections such as the local Wi-Fi network you are connected to and your internet provider’s servers. By default, this data is sent in readable, plain text. So, your username and passwords, credit card information, address, and more are sent through all these connections in plain text like in the image below.

So, if a user with malicious intent was connected at any point in the connection, he or she could see your information. For example, if you are using the free and open Wi-Fi at a coffee shop then everyone else also using that Wi-Fi could have access to your data.

This is where SSL comes in to save the day. When you visit a site that has installed an SSL certificate, the connection between your browser and the server is encrypted as demonstrated in the image below. Instead of having all of your data sent as plain text, the data is now encrypted causing it to be much more difficult for hackers to get into your data.

In most browsers, you will see an “https” in the URL of the website as well as a lock icon which indicates you are accessing the site using a secure connection. Luckily, according to Let’s Encrypt Stats, almost 80% of the web is now using secure connections.

What assists in this process is something called a “security certificate” or “SSL certificate”. This certificate allows browsers (and users) to verify that the server is who it says it is as an extra way to ensure the connection is secure and reliable. These certificates are issued by Certification Authorities (CA) who are organizations that work with browsers to ensure all certificates are valid and verified. You can check a security certificate in most browsers by clicking on the lock icon. If you want to learn more about certificates, check out this great post on the Spread Privacy blog by Duck Duck Go.

SSL on the Web

Way back in 2014, Google announced that they will begin ranking sites with SSL higher than sites without. So, you can improve your SEO just by using SSL. Then, in 2016, several browsers began adding a “Not Secure” warning on pages that had password or credit card fields that did not use SSL.

Around the same time, we began to see the rise of the Let’s Encrypt initiative which is sponsored by many partners such as Mozilla, Google, and Facebook. Let’s Encrypt allows any developer to quickly set up SSL certificates for free which allows many hosting providers to offer them for free. In fact, most of the highest rated hosting providers for WordPress, such as SiteGround and Flywheel, offer SSL for free for all of your sites.

Starting in the summer of 2018 (this year, as of this writing), several browsers will begin showing that “Not Secure” warning on all sites that do not use SSL. As a user, if you come across a site that has a warning telling you that the site is not secure, you will probably trust that site less regardless of if the there is anything to purchase or not.

Getting SSL on Your Site

The easiest and best solution for getting your site to use a secure connection is to reach out to your hosting provider. Many good hosts offer SSL for free and will set it up for you once you ask. Others will charge for the installation process which can range from $10 USD to $100 USD. If you are on a self-managed hosting plan or a VPS you control, you will have to purchase an SSL through a 3rd party, such as GoDaddy or Digicert.

If you want to keep your user’s data safe, improve your SEO, and improve your site’s trust, then you should use an SSL on your WordPress site.