What is an SSL certificate and why do you need one?
In the past, SSL certificates were used primarily for e-commerce sites. They were put in place to help secure sensitive data being transferred across the internet. As communication across the web grew, so did the need for SSL certificates for many different uses and reasons. Still to this day, many site owners are running without one. If you see a site with HTTP at the beginning of their URL, this is a site that does not have an SSL certificate installed. If you see a little green lockbox with HTTPS at the beginning of a URL, this site is considered secure and encrypted.
Why should you care?
Over the past 2 years, many changes have been put into place that could dramatically affect your site. In 2014 Google initiated their push to make the internet a safer and secure place to search, also known as the “HTTPS everywhere” movement. In fact, they took it to the level of giving favor to sites with HTTPS in their ranking algorithms.
PayPal has also joined the push for SSL certificates. Depending upon how you were using PayPal with your site, you may or may not have been required to have one. Their original date of requiring all users to use HTTPS on their site has been pushed off, but that doesn’t mean you don’t need to take the steps to make this happen on your own site.
What are the pros and cons of installing an SSL certificate on your site?
The biggest con of installing an SSL certificate is increased page load time. Since your site will need to go through extra steps for the encryption to happen, your site may lose a little bit of its overall load speed. The good news is that there are a handful of things you can do to your site to improve its speed in general.
The pros of adding an SSL certificate, at least in my opinion, far outweigh the cons. If you somehow got past the Google ranking algorithm and find your site on the first page, yay for you! But don’t get too excited yet 😉 Once the visitor clicks on the link from Google to your site, they may be greeted with a page warning them that your site is not secure. Something a lot of people will easily click out of and go back to searching for another site that is considered “safe”.
If you decide to install an SSL certificate on your site, there are a couple of ways you can do this. Most hosting companies offer SSL certificates for a yearly fee. Another option is the free SSL certificate authority, Let’s Encrypt. Not all hosting companies are set up for this. Siteground (my favorite hosting company) has easy Let’s Encrypt installation in your hosting dashboard. Once the certificate is installed, you will need to configure your site. You can do this by updating your settings and adding a few lines of code to your .htaccess file. There are also a couple of plugins that will make the task a little less daunting, WordPress HTTPS Plugin (this plugin hasn’t been updated in a long time, but is still highly used) and Really Simple SSL (my number one choice).
Note: You will need to install the SSL certificate into your hosting dashboard. Depending on the type of SSL certificate you purchased and your hosting provider, you may need to contact your hosting company for help with this. Once the SSL certificate is installed, you can proceed with the Really Simple SSL plugin.
Whether you decide to install one or not is definitely up to you. Here are a couple articles that discuss this topic in greater detail.
EDITED 8/13/2018: It’s been 2 years since I wrote this post. More and more I come across the all too familiar warning screen. So much has changed in the push to move forward with HTTPS Everywhere. The momentum is growing at a faster rate than I think anyone ever expected. Wire dot com wrote a great article last month that discusses the current movement of HTTPS Everywhere and how it is changing the world wide web.