Do I need an SSL certificate?
SSL ensures that traffic between server and browser is encrypted. It uses https instead of http and results in the familiar padlock and green address bar in your browser. You should definitely have one if you collect sensitive information (e.g. card details) on your website. Google says they now give a slight ranking boost to sites that use SSL. So even if you don’t collect sensitive data, it is likely to be a good idea to use SSL across your entire site. Contact us if you’d like to go SSL.
If visitors are seeing a message saying your site is insecure (or are warned that the connection is not private) when they try to browse your website, then you need to take action!
Most web browsers consider sites with an expired or non-existent SSL certificate as insecure and will block or warn users who try to visit that site. This protects users from insecure sites by warning visitors before they are sent to the site. Visits to insecure sites can be intercepted by a third party, meaning that information you exchange with the website (e.g. through contact forms) can be exposed.
So you need to secure your website with an SSL certificate to ensure that communications are encrypted, and there is no chance of a 3rd-party spoofing the website to pretend it is the original site.
I should already have an SSL certificate
If your site has previously been secured by an SSL certificate and is now showing as insecure, this suggests your SSL certificate has expired.
In this case, contact your web host immediately in case they have failed to renew the certificate.
If you purchased the certificate yourself, you may need to renew the certificate through your certificate provider and then send the certificate to your hosting company so that they can re-install it. Usually, certificates are renewed annually, and so if you can’t remember who your certificate provider is, you’ll probably need to check your emails from a year earlier!
I don’t already have an SSL certificate
A lot of web hosts offer free SSL certificates these days – for example, our SSL certificates are free if you host your site with us. Other web hosts may charge a fee for purchasing and installing a certificate on your behalf. This may cost from £10 upwards, per year. There is also some work to do to your website in order to fully configure it to take advantage of the SSL certificate. This is generally quite straightforward, but you need to be careful to do the work properly to ensure you don’t lose any website traffic!
You can check whether your SSL certificate is present and valid, and why your site is insecure, by browsing Why No Padlock and testing your website url.
Cost of SSL Certificates
SSL certificates can be free, or can cost many hundreds of pounds per year – mostly depending on the amount of insurance you need, and whether the certificate covers a single domain, sub-domains, or offers wildcard coverage. Clients hosting their sites with us get a free SSL certificate!
An SSL certificate is just one of the many factors that impact the cost of website ownership. We wrote this post on the real cost of website ownership a few years ago.
SSL Certificates protect your website
If you have a website where you or your customers can log into (e.g. WordPress), then having an SSL certificate is essential to protect your site from what are called man-in-the-middle attacks, where hackers can intercept your username and password when you log in.
Update 2018: Many browsers are now showing sites without an SSL certificate as insecure. This will have a negative impact on ranking position for sites without SSL.
If your site is insecure, and you would need some help configuring your SSL certificate to make sure it is done properly, please contact us.