There has been a lot of talk lately about SSL. It is being replaced by talk about GDPR, but that is a story for another post. If you have been asking what is SSL anyway then this post is for you.
First MY Thoughts On SSL
Secure Socket Layer (SSL) is a technical protocal for encrypting information being passed from website to broswer or the other way round. You should understand this does nothing to secure your computer and it does nothing to secure the actual website you are connecting to. Both are just as open to hacking as they were without SSL.
Personally, I object to the way Google, and many browsers, are holding website owners hostage in order to get them to install SSL, even if they do not actually need it. Of course, it is not at gunpoint but it is at what we might call SERPpoint -- at the risk of getting lower search results if you don't comply.
What Is SSL?
SSL encrypts (and decrypts) the data (information) travelling over the Internet between website and browser (or browser and website) so, should it be intercepted by a hacker it will be meaningless and not useable. The thing is, incercepting a particular piece of information is difficult to do and hackers with the skill to do so may not be likely to waste their effort on smaller websites.
And, if your website does not collect personal information -- ie: your is a blog or an information site -- then there is no information that needs securing. The "hacker" could just login to your website and read the information there.
Yes, if you collect credit card numbers or other personal information you want to have SSL active but you probably need to have other security functions in place as well. For example, if you collect credit card number, even just to pass them along to a payment processor, you need significant investment in a program called the Payment Card Industry Data Security Standard(PCI DSS).
It is easier and safer to use an off-site payment processor, like PayPal, where the SSL is provided by them and all necessary information is passed through their site/server and not yours.
All that said, Google, in their wisdom, has decided that you are not capable of thinking it through or making the right decission. To protect you from yourself they are making it "manditory" for everyting to have SSL or risk lower search results and, perhaps, other punishments yet to come.
While I seriously object to this heavy handedness, I do see some benefits off SSL and, frankly, have given in to the presure Google exerts on us all. Keeping better search results is important. The thing is, there is so much false information floating around about SSL that it makes it hard for people to find the truth. I read a post today by a relatively knowledgeable and serious blogger. These poins were presented as reasons for getting SSL:
- Improves the speed of your website.
- Visitors' experience becomes better on an https website.
- A better ranking in the search engine.
- You will be seen as a trustworthy brand.
- Google won’t brand you as “Not secure.”
The last three are factual and worth consideration. The first two, however, stretch the truth a little... or a lot!
Improves The Speed Of Your Website
There is no actual speed benefit to having SSL. The certificate isn't about site/page speed at all. In fact, in a very minor sense, the processing it requires for each transfer request may actually slow your site a little (hardly measureable in most instances).
Visitors' Experience Becomes Better On An https Website
Again, there is nothing in the SSL process that improves the User Experience (UX) factors of your website. It just does not work like that. The only possible UX experience may (and I say may here!) be the psycological feeling of well being if the user knows what SSL is and even notices that you have it.
The Google Gods Have Spoken
There are many sites that need SSL along with other applicable security measures, but it all comes down to this: YOU need to get an SSL certificate for your site whether you need it or not because your search results depend on it.
There are both free and paid solutions for this and some are quite pricey. You will want to shop around and be sure you are getting something worth what you are paying for it. You can install the certificate yourself. Google how to do it. But if you are not techie, or you would just rather have someone knowledgeable take care of it for you, then reach out to a professional.