It is up to you. However, if you have forms where people enter data; then it might affect your interaction with users if you do not have SSL (Secure Socket Layer) protection:
- people may not feel secure in entering information (do you feel secure entering information on a non-https site?)
- search engines are starting to flag unsecured sites (see more on this below)
What does SSL do?
An SSL certificate when installed on a website activates certain protocols that allows for a secure connection. Layers of protection might include:
- encryption to secure users activity so it cannot be tracked or their information stolen
- data integrity to prevent files from being corrupted when they are transferred
- authentication to protect against intrusion by non-valid entities and provide assurance to users there are checks in place so they feel more secure.
NOTE: How secure and what protocols depends on what type of SSL certificate you purchase. Obviously such as financial information requires more protection, personal details, etc.
How can you tell a site is secured?
You will see a lock and an “s” at the end of http (https://) as part of the web address.
If your site uses such as a PayPal button that links to and completes transaction on PayPal; then PayPal is generally securing the transaction on their site (your eCommerce provider might be providing a similar service where transactions are processed on their site and their site is secured). Check your ‘buy now’ links to make sure!
What does this have to do with search engines?
Google mentions “moving towards a more secure web” on their Security Blog.
Search engines such as Chrome (started flagging critical data collection previously as non-secure, and apparently in October 2017 will flag other aspects), Firefox (flagging unsecured pages), etc.
You may see this notice of “connection not secure” OR “parts of this page, such as images, are not secure” more often, as browsers/search engines change their policies.
Will it affect search results?
With Google yes, as they will favor secure sites to rank higher than those that are not secure. Here’s an excerpt from their Blog: We’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal — affecting fewer than 1% of global queries … But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web. https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html
You have options!
SSL isn’t necessarily required – just because search engines will be listing sites as “non secure”, web owners can easily check the safety of their site by running an online scan such as: https://sitecheck.sucuri.net/
If Google picks up on malware (if for example a site has been hacked or infected with a virus), there are also warnings that might appear, such as the following:
However it’s unknown if websites that are completely safe, but just do not have an SSL, will be displayed on Google search results similar to above but with an updated message such as “This site is not secure.”
If a URL without an SSL certificate is entered as https:// (and this message can be a little frightening, especially since not many people would think to scan a website to ensure it’s safety), you might also see this:
If an anti-virus program is installed on your computer, with safe browsing or browser protection enabled, the software would have their own variations on showing safe vs. unsafe sites. For example:
BOTTOMLINE … Investigate & decide if this would be a good time for you to add SSL to your website. SSL certificates usually have an annual cost. Sometimes service providers will offer lower 1st year fees, but subsequent years are at a far greater cost (you may be able to buy multiple years at once at the/a discount). Read the fine print!
IMPORTANT NOTES ~
- The above is for general information purposes only, not meant to advise in any way, nor does it include all relevant information. Consult your security advisor for details and/or regarding any situation pertaining to you, your company, and your electronic devices, computers, websites, etc.
- The links included here in no way imply endorsement of or by the mentioned entities. Readers must complete their own research and make their own decisions regarding suitable security measures and/or services for themselves.
Update June 14, 2018: This article might be of interest for those looking for further clarification and/or understanding of SSL.0