Do Bloggers Really Need an SSL Certificate?
The debate over the necessity of an SSL Certificate for bloggers is still raging and there seems to be no clear answer so far.
It’s one of the most unanswered questions floating around the blogosphere: Do you really need an SSL Certificate for your blog?
An SSL Certificate is designed to make sure a website is served over a secure connection to prevent a hacker from intercepting any data you transmit to or receive from the site. SSL stands for Secure Sockets Layer, which is the protocol that provides encrypted communications between a website and someone’s internet browser. SSL Certificates are typically installed on pages that require end-users to submit sensitive information over the internet like credit card details or passwords.
When it comes to sites that sell goods or conduct financial transactions, an SSL Certificate is essential: you don’t want your personal data or bank account information going through a non-secure server.
Many bloggers have E-commerce components to their sites where they sell products or services related to their blogging subject matter. Those sites should have an SSL to protect those transactions.
But do the rest of us need that SSL Certificate?
Despite many “experts” weighing in on the subject, there’s still plenty of disagreement out there.
The controversy began back in October 2014 when Google announced on its Webmaster Tools blog that it would eventually begin using the presence (or absence) of an SSL Certificate as a ranking tool in its algorithm. Google didn’t say — because they don’t want anyone to know — how much having or not having one will make a difference in your rankings.
Then, in September 2016, Google announced that starting in January 2017, they would mark non-SSL-Certificate “pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.”
The March 2018 update for Safari added the message “Website Not Secure” in red at the top of all browser windows that pointed to non-SSL sites.
As of July 2018, Chrome will similarly draw attention to unsecure sites.
The message is more than clear.
Websites that are not carrying an SSL certificate are being virtually vilified by browsers in an apparent attempt to “shame” web owners into compliance.
That’s not necessarily a bad thing: if yours is a site that collects sensitive information, by all means, that data should be protected. I’m certainly not disputing that.
But there’s a problem. As more and more websites — those that haven’t already — make the transition, the remaining sites are going to stand out like a sore thumb. And to those website visitors who don’t think about it, those red warnings might be enough to make them go elsewhere.
And if Google really does rank search results in favor of sites that have SSL certification, that’s another thing in its favor.
Do bloggers really need an SSL certificate? If there is no sales activity and no collection of sensitive data, probably not.
Should bloggers have one? Maybe. If they have the means to get one, and it’s affordable, it might not be a bad idea, even if all it accomplishes is getting those dire warnings off of the visitor’s experience.
My site now has one. It was something I was able to get through my current web hosting package and then I used the free and premium Really Simple SSL WordPress plugins. They were affordable and, even better, they did all the work for me so that all I had to do was to check my URL on a few different browsers to confirm that the green “lock” symbol is there showing that my site is secure.
You have to decide what you can live with for your blog.
But if its within your budget, it might be worth it after all.