Is it Time to Install an SSL Certificate (https) on Your Website?
Now may be a better time than ever to install an SSL Certificate on your website, and if not now, then sometime in the near future would be wise. An SSL (Secure Sockets Layer) certificate is a digital certificate that encrypts all information passed between a website and web browser, ensuring that all information is secure and private. It prevents hackers from accessing important information, such as credit card numbers, social security numbers, or website login information.
In addition to the security benefits of https, Google will soon be penalizing websites that are not running on an SSL Certificate, giving website owners more incentive to switch their websites to https. In January 2017, Google’s Chrome web browser will begin identifying websites as “Not secure” if they do not have an SSL Certificate. Initially, this will only be for websites without https that are e-commerce, collect credit card information, or have user logins.
The big question to be answered is, will every WordPress site be marked as “Not secure” since they have a built-in admin/login area?
According to posts from Google and various SEO blogs, Google is making changes to their Chrome security notifications in hopes of encouraging all websites to have an SSL Certificate in the future. The Google Webmaster Central Blog states that as of 2014, Google started factoring https into their search algorithm as they rank websites, but for the time being it is a very minor factor in their formula for determining website ranking. However, they may make https a more substantial ranking factor in the near future as they encourage websites to transition to having SSL Certificates.
So, Should You Set Up Your Website With https?
A) Yes, do it now.
- If you collect payments or credit cards on your website (rather than through a third party payment processor like PayPal).
- If you have a login page and login credentials for you and/or your visitors. If you have a WordPress website, you should note that all WordPress websites contain login pages, and it is not known if Chrome will flag every WordPress site that does not run on https. This can be a wait and see if you have a basic WordPress site.
- If you have contact forms that collect a lot of personal information from website visitors (they will most likely prefer that the information is sent over an encrypted url).
B) Yes, do it now.
- If you are a forward thinker and like to stay ahead of the rush.
- If you have a business website where your visitors would be reassured by seeing the green https lock in the web browser.
- If you want to gain an advantage over your competitor websites with https SEO benefits.
C) Wait and see.
- If you have a simple informational website and want to wait until 2017 to see if Google classifies your site as “Not secure”. In this first round, not all sites without an SSL certificate will be identified as “Not secure”.
- If you just don’t mind not having an https site.
This year, for all the new websites I have built, I have set them up on an SSL Certificate from the beginning. You can view how the url appears with the examples below.
Questions or thoughts? Feel free to contact me, John, at firstname.lastname@example.org or 360-961-5033.