Why your WordPress site needs an SSL certificate

SSL-CertificateThis morning Blue Host emailed offering me a free SSL certificate for one of my WordPress sites hosted with them. I’ve been meaning to add one to TapDancingSpiders.com but wasn’t in a rush. We don’t collect personal or financial information (comments are linked to Gravatar) and those certificates can be expensive. Sure we have affiliate links (like in this post) but that’s barely enough to cover hosting, let alone $100s to $1,000+ per year for an SSL certificate. So I was a tad excited this morning when Blue Host offered one for free.

What is an SSL certificate?

I’ve drafted this part three times to try and make it clear and non-technical. We’re marketers, not system admins or engineers. If you want the full detail on SSL certificates, the Wikipedia listing is rather detailed and technical. For everyone else, an SSL certificate is what make the lock or green light appear in the address bar on your browser, and adds the S to https in your URL. Sometimes it’s referred to as HTTPS, and the more technical is HTTP over TLS. The TLS stands for Transport Layer Security. Yeah, too tech.

Originally an SSL certificate was used to verify an e-commerce site. The domain ownership is confirmed to match the person requesting the certificate. Sometimes an email was sent to the address on the domain register as an extra means of confirming the ownership is all legit. Please note, that’s all just the ownership. A social engineering scam could be pulled on the site, but at least you’d know the site isn’t spoofing another or any tricky redirects are stealing your credit card number. It also encrypts the data between your website server and the visitor, so credit cards and information can’t be hijacked and stolen. You can see why I didn’t bother getting one for this site. I doubt you want to encrypt and hide the fact you’re learning about marketing.

Then in 2014 Google announced that HTTPS (or having an SSL certificate) was a positive ranking factor. That means all else being equal, TapDancingSpiders.com would rank lower than an equal website for the same search term, if they have an SSL certificate. They admitted it would be a small factor in the search relevancy algorithm, but a factor. Neil Patel, SEO legend, did some research and found that site with an SSL certificate did indeed rank higher.

Which explains why I clicked “install” on the link in Blue Host’s email.

Where to get an SSL certificate

Thankfully, Google’s change increased demand for SSL certificates, which increased supply and competition and brought down prices. While there are many different types of SSL certificates and companies offering them, most sites only need something basic. If you’re processing transactions or collating personal information, then I recommend you do more research to find the best option for you.

Your Website Host

TDS-SSL-CertificateAs I mentioned Blue Host has started offering free certificates. It’s a shared certificate and gives 256-bit encryption. From what I see, 256 is the lowest recommended, but most sites don’t need higher encryption levels. It’s a shared certificate, which is probably how they can offer it free. Again, trying to keep things simple, it’s verifying ownership of the web hosting domain, and the hosting company is sharing that authority with you. There’s also some hidden tweaking behind the scenes, so again if you’re collecting financial details please look at other options. It was one-click install, but it took a few hours to update.

I’ve been working on a client’s site hosted with Go Daddy and noticed Go Daddy offers free SSL certificates too. I’m not sure I can endorse their hosting, but they do offer the certificates. A quick Google search showed a few other companies do too, so check it out.

Let’s Encrypt

Let’s Encrypt is a free, automated, and open certificate authority. So they’re the people your hosting company could get you a certificate from. Let’s Encrypt is a service provided by the Internet Security Research Group. They set up a streamlined, easy process and publish the URLs of all sites they issued certificates to. While you may not want this level of openness, it does give your visitors a little more reassurance. I haven’t used them, but they’re sponsored by some big names in the internet world, including Automattic who build WordPress.

It’s too soon to see a benefit to TapDancingSpiders.com. We also cover so many topics that we don’t have an SEO strategy per se. We’ll see how this goes and if there’s an increase in overall traffic. At the very least, you know your learning is secure.

Share Your Thoughts