SSL (Secure Socket Layer) Certificates have been a recurring topic in the tech community lately, mostly because of Googles actions to attempt to make the web more secure. When a site is sent over HTTP, all data is sent between a server and web browser in plain text. When an SSL Certificate is used, this data is encrypted. In this article we will discus the potential benefits of using an SSL Certificate on a website.
While this is the most obvious benefit of using an SSL Certificate, it isn’t something that should be taken lightly. Is your website taking in potentially sensitive client/customer information through things like a contact form? If you’re not using an SSL Certificate, someone with the right technical know-how can see all of the info that is being submitted.
That little lock icon can go a long way in the realm of trust. Think about it, would you ever sign onto a bank’s website or enter your credit card information on an ecommerce site if you didn’t see the lock icon? I know I wouldn’t, and even users with not a lot of technical knowledge know this as well. If you would like to build trust with your users, one way could be to implement SSL. There have been a number of Case Studies showing that can increase measurably while using SSL, especially when using EV (Extended Validation) SSL. An EV Certificate requires extra steps to get verified and costs more than normal SSL, and usually displays a business’s name in the browser bar, like so:
Google has recently announced that they will now begin to give rankings boots to sites that use SSL. While studies have shown that there is very little rankings benefit from installing an SSL Certificate, there is undoubtedly some improvements. Also the head of Google’s webspam team, Matt Cutts has stated that he would like SSL certificates to weigh more heavily on rankings in the future.
Extra Credit: SHA-1 vs. SHA-2
One thing that you’ll have to decide when purchasing an SSL Certificate is which SHA (Secure Hash Algorithm) to use. Again, Google has made this decision easy for you. In early September, Google announces that they will depreciate support for SHA-1 SSL Certificates because of security concerns (SHA1 is becoming easier to crack). Starting this month, Google Chrome will start issuing warnings for SHA-1 certificates that are valid after January, 1st 2017. This is part of their pledge to try to make the web more secure. Good news is that you have more than 2 years to figure this out, but don’t wait. All reputable SSL Certificate issuers offer SHA-2 certificates.
If you are serious about your website’s security and the privacy of your customers, I would definitely recommend you install an SSL certificate on your website. You can see that WP Temple uses SSL, I was able to get it up and running with our web host, WP Engine in less than an hour, and it costs less than $50/year. If you are looking to get an SSL Certificate for your website, here are some issuers that I recommend:
Standard SSL Certificates:
- Rapid SSL – from $49/yr
- Comodo – from $64.95/yr
- DigiCert – from $179/yr
Extended Validation SSL Certificates
- Comodo – from $359/yr
- Digicert – from $295/yr
- VeriSign – from $995/yr