Do I need an SSL certificate for WordPress?

Do you need an SSL certificate for your WordPress site? Google says “Yes”!

Google’s latest initiatives means every website needs an SSL certificate

Starting in July of 2018, HTTPS will become the de facto standard protocol for the internet. That’s because Google, whose Chrome browser accounts for three out of every five internet users around the world, plans to start marking any website still served via HTTP as “Not Secure.”

So if you’re asking “do I need SSL for WordPress”? The answer is: yes, WordPress or not, you need an SSL certificate.

What does an SSL certificate do for my WordPress site?

An SSL certificate enables HTTPS encryption for whatever website its installed on.

Without SSL, the internet uses HTTP to transfer data back and forth. Unfortunately, HTTP isn’t a secure protocol, meaning anyone with a little bit of know-how can eavesdrop on your connection and even manipulate the data that’s being sent. An SSL certificate prevents this by letting your site form secured HTTPS connections with its visitors. This way all the data transmitted between your website and its visitors will be encrypted.

6 Reasons Your WordPress Website Needs An SSL Certificate

In previous years SSL certificates were used mostly for ecommerce and financial sites. But times have changed, and there are now several reasons your WordPress website needs an SSL certificate to enable HTTPS:

1) Boost Your Google Rankings.

HTTPS provides websites with a modest SEO ranking boost. Google rewards sites with a valid SSL certificate by ranking them higher.

2) Enable Advanced Browser Features.

SSL lets your website make use of advanced browser features. Firefox and Chrome only enable certain features, such as Geolocation, Webcam, Bluetooth, and Microphone on HTTPS urls.

3) Speed Up Your Site With HTTP/2

You need an SSL certificate to run HTTP/2, the faster, more powerful successor to HTTP. Using HTTP/2 can make your webpages load faster for users. This test shows the page load speeds improved by up to 15% when YouTube.com switched to HTTP/2:

4) It’s Now Industry Best Practice

Google, Mozilla, and other internet organizations now recommend that WordPress (and other websites) use HTTPS. Since Google has such an oversized influence on how successful your website is, it’s advisable for webmasters to follow Google’s recommended practices.

5) Avoid “Not Secure” Warnings

If you don’t have an SSL certificate on your WordPress site, Google will scare away your traffic by telling visitors your website is “Not Secure”. (51% of users say they’d leave a website marked not secure.)

6) Protect Your Website Against Hackers

SSL protects your website against hackers who are using man-in-the-middle attacks. Hackers can steal your WP Admin login details using a man-in-the-middle attack.

SSL/HTTPS stops hackers from intercepting your admin credentials.

Once someone has your WordPress credentials they have free reign to do anything they want to your site. They could host a phishing site on your domain. They could post tons inappropriate content. Or maybe they’ll just take the opportunity to draw graffiti on your homepage. That’s a chance you can’t afford to take. HTTPS blocks this attack, keeping your website secure against hackers.

In the past people used to think that you didn’t need SSL if you weren’t collecting personal details. Those days are long gone. Nowadays installing SSL is just part of doing business. It’s a standard– practically required.

What’s The Best SSL Certificate For A WordPress Website?

If your WordPress site is a small website that doesn’t handle personal information (like payment details) we recommend a Domain Validation (DV) SSL certificate. These are the fastest and easiest to setup. You can choose from a few different options:

• Need to only protect your main domain, eg mysite.com and/or www.mysite.com? You can get a standard DV SSL certificate.
• Need to protect multiple subdomains, like www.mysite.com and blog.mysite.com? You can get a wildcard SSL certificate that automatically protects an unlimited number of subdomains.
• Need to protect multiple domains, like mysite.com and myblog.com? You can get a multi-domain SSL certificate.