A helpful guide to SSL – What is it? And do you need it?
You can tell that a site is secure by checking if a padlock is displayed on the address bar. You may also have spotted the extra ‘s’on some URLs – so if it shows https:// it’s a secure website. If it shows http://, it’s not secure.
Do I need SSL?
SSL is only required if you are collecting sensitive information, such as asking your users to log in, or accepting payment during checkout. However, there are many benefits to having an SSL certificate even if you don’t collect sensitive information.
Not all E-Commerce sites require an SSL certificate. If your only payment processor is PayPal, then they have an option for visitors to be automatically forwarded to PayPal’s secure payment page before being returned to your checkout page.
However, if you don’t want to forward clients away from your website, and you want to collect the payment information within the same checkout page, then you will need an SSL certificate.
Benefits to an SSL certificate.
- Sensitive information is protected
- Shows your viewers your website is trustworthy
- Boosts Google search ranking
- Increases visitor loyalty
- Makes your website faster
Protect your sensitive information
Ensuring that sensitive information can only be seen by the website means anyone who’s attempting to “eavesdrop” your data, only sees nonsense.
By not having an SSL certificate, you are making your audience/customers vulnerable and at risk of an attacker being able to see and use the sensitive information.
An SSL certificate shows your website viewers that the website’s certificate authority has verified the website.
This would involve the website owner completing some verification processes. The procedures will depend on the type of SSL certificate you have purchased.
There are three types of certificate validation available to purchase at varying costs. These include: Domain Validation (DV); Organisation Validation (OV) and Extended Validation (EV).
The most common type of SSL certificate is Domain Validation (DV), which will suffice for the majority of websites. I will delve deeper into this topic in the future, but for now take a read of this blog post from ssl.com: https://www.ssl.com/article/dv-ov-and-ev-certificates/
Boost Google search ranking
As of August 2014, Google announced that having an SSL certificate on your website made a positive impact to your websites search ranking.
Improving your search ranking matters, it directly contributes to the amount of traffic your website sees, and therefore your potential audience/customers.
Promote visitor loyalty
A customer who knows their information is secure and protected are far more likely to keep coming back.
Makes your website faster
Once you have an SSL certificate on your website, a technology called HTTP/2 is possible, which allows your site to download each element of your website altogether rather than the browser making lots of requests.
You can read more here: https://searchengineland.com/everyone-moving-http2-236716
Can Google force me to use SSL?
Not directly, but as the main Search Engine, they can adjust the rankings to ensure your viewers don’t use your website.
Google have also announced that eventually they will change the padlock to be red, which will make the message even more prominent. It’s also likely that other browsers will follow in Chrome’s footsteps.
Produced by Cameron Stephen
Cameron Stephen is a full-stack web developer who specialises in LAMP/LEMP development, confidently working with PHP, HTML5 and CSS within a Linux environment. He prefers to work using the Symfony MVC framework with Doctrine as an ORM; Git as his version control system of choice and Composer as the dependency manager - but is also fully capable in WordPress-based web development, developing bespoke websites that are fully responsive, are well optimised and bug-free.