Up until recently, what I always said to clients about an SSL certificate was that it was important to have one if they were going to handle sensitive data, especially if they were going to take payments on their website.
As of this week, I am giving out very different advice:
You need an SSL certificate.
Why the change? Google has recently added a brand new security feature within Chrome that warns users on HTTP websites that the page isn’t secure. As for now, the warning only appears on non-encrypted pages that collect login or price information, but this could sooner or later be expanded to all HTTP pages.
You might think “so what? I don’t really mind if that happens to my site.” However if you add to that the fact that for some time Google has been giving a ranking boost to sites with a valid SSL certificate, then it starts to become clear that you should have one.
But this is all about Chrome, isn’t it?
Google’s Chrome browser currently has a larger market share than any other browser. Symantec reports that up to 73% of internet users pick Chrome as their number one browser. That’s a huge proportion of users, and it looks likely to grow further. So let’s say that it is all about Chrome (which it isn’t) then it still makes sense to get an SSL certificate.
Aside from Chrome’s update, there are a multitude of different reasons to install an SSL certificate and serve your content over HTTPS. With tens of millions of pieces of malware being discovered every year, it can be extremely difficult to guard your website from cyber attacks without the help of a 3rd–party security provider. installing an SSL certificate on your site is one of the best ways to ‘harden’ your data, and your users’ data, and protect it against attackers.
Why Google wants you to have one
HTTP pages aren’t as secure as HTTPS pages due to the fact they are not encrypted. That makes it less difficult for hackers to intercept login or payment information and can enable fraudsters to intercept the data travelling between a website and a user’s browser and take whatever information they want, including credit card details and private messages. So it really makes sense that as a user you should be warned about this if you’re not aware, and that’s exactly what Google has started doing with this new feature. Shielding the user from a potentially dangerous website reduces the chance that their data might be compromised.
HTTPS also has other advantages that site owners can benefit from. Look at the top of this page now. Depending what browser you’re using you may see a padlock, you may also see the word ‘Secure’ in the address bar. Even for users who are not aware of SSL certificates and what they do, seeing this is reassuring, and even on a subconscious level may lead them to spend more time on the site and be more likely to follow a call to action, make a purchase, and/or generally to trust the website owner.
Still not convinced?
Here’s the good news: you can now install an SSL certificate for free thanks to the lovely people behind Let’s Encrypt, an open source SSL certificate authority. Of course, you’ll need a bit of knowhow to do that. If you’d prefer us to take care of that for you we can for a small fee, just get in touch. It’s clearly worthwhile, so why wait?