Rate this article: (2 votes, average: 5.00)
Starting in July of 2018, HTTPS will become the de facto standard protocol for the internet. That’s because Google, whose Chrome browser accounts for three out of every five internet users around the world, plans to start marking any website still served via HTTP as “Not Secure.”
So if you’re asking “do I need SSL for WordPress”? The answer is: yes, WordPress or not, you need an SSL certificate.
An SSL certificate enables HTTPS encryption for whatever website its installed on.
Without SSL, the internet uses HTTP to transfer data back and forth. Unfortunately, HTTP isn’t a secure protocol, meaning anyone with a little bit of know-how can eavesdrop on your connection and even manipulate the data that’s being sent. An SSL certificate prevents this by letting your site form secured HTTPS connections with its visitors. This way all the data transmitted between your website and its visitors will be encrypted.
In previous years SSL certificates were used mostly for ecommerce and financial sites. But times have changed, and there are now several reasons your WordPress website needs an SSL certificate to enable HTTPS:
HTTPS provides websites with a modest SEO ranking boost. Google rewards sites with a valid SSL certificate by ranking them higher.
SSL lets your website make use of advanced browser features. Firefox and Chrome only enable certain features, such as Geolocation, Webcam, Bluetooth, and Microphone on HTTPS urls.
You need an SSL certificate to run HTTP/2, the faster, more powerful successor to HTTP. Using HTTP/2 can make your webpages load faster for users. This test shows the page load speeds improved by up to 15% when YouTube.com switched to HTTP/2:
Google, Mozilla, and other internet organizations now recommend that WordPress (and other websites) use HTTPS. Since Google has such an oversized influence on how successful your website is, it’s advisable for webmasters to follow Google’s recommended practices.
If you don’t have an SSL certificate on your WordPress site, Google will scare away your traffic by telling visitors your website is “Not Secure”. (51% of users say they’d leave a website marked not secure.)
SSL protects your website against hackers who are using man-in-the-middle attacks. Hackers can steal your WP Admin login details using a man-in-the-middle attack.
Once someone has your WordPress credentials they have free reign to do anything they want to your site. They could host a phishing site on your domain. They could post tons inappropriate content. Or maybe they’ll just take the opportunity to draw graffiti on your homepage. That’s a chance you can’t afford to take. HTTPS blocks this attack, keeping your website secure against hackers.
In the past people used to think that you didn’t need SSL if you weren’t collecting personal details. Those days are long gone. Nowadays installing SSL is just part of doing business. It’s a standard– practically required.
If your WordPress site is a small website that doesn’t handle personal information (like payment details) we recommend a Domain Validation (DV) SSL certificate. These are the fastest and easiest to setup. You can choose from a few different options:
Tip: you can get the lowest price on SSL certificates when you buy direct instead of through your hosting company.
Compare SSL Certificates