Our clients often ask us about the benefits of having an SSL certificate for their website, or if they even need one in the first place. While it certainly isn't a requirement in most cases, the short answer to the question "Does my website really need an SSL certificate?" is usually "Yes" - and here's why.
Scenario 1: Standard website with no payment gateway and no secured links
For a site like this, while no sensitive information is being shared, we still recommend having an SSL certificate for your site to increase your visitor's confidence and trust in the website, and therefore your company or organisation, as well as the small SEO boost you receive from your site having an SSL certificate installed.
We recommend: Cloudflare's Free SSL service is a good option for this type of website, but requires making changes to your domain's nameserver records.
Alternative: Our SSL Certificate and Installation service is an alternative if moving your nameservers isn't a viable option.
Scenario 2: Standard website with no payment gateway, but contains a link to a secured service
Sites such as this are the most likely to be seen as not needing an SSL certificate, when, in fact, they can often be the sites which need it most. As the site does not have a payment gateway, and doesn't collect any sensitive information directly on the site, operators often feel that no SSL certificate is required. However, your site may have links to an online Support Centre or Remote Support tools - those links are most likely to be HTTPS, and because your site doesn't have an SSL certificate, the page containing the links to those services are being sent in plain text over an insecure connection, which means they can be modified as part of a man-in-the-middle (MITM) attack. If the target address of a HTTPS link is changed, users may not notice, especially if the difference is subtle - can you tell the difference between google.com and gӧogle.com by glancing at a link address in the hover preview at the bottom left of your browser? How about the Latin characters "e" and "a" and the Cyrillic "е" and "а", also in a link address? They're easier to spot in this page due to the fonts we're using here, but on other pages, or in a link preview, not so much. Even if you can, your visitors may not be able to.
Phishing attacks such as these are becoming more and more common, and effective, and an easy way to help prevent it and protect your site, your staff, and your users, is by using an SSL certificate. As above, seeing an SSL certificate on the site also gives your clients a sense of trust in using the website or support services, and, again, also gives you a small SEO boost.
We recommend: A standard Domain Validated SSL certificate - our SSL Certificate and Installation service is an easy-to-use and affordable option.
Alternative: Cloudflare's Free SSL service is still suitable for this, but doesn't offer the same degree of encryption.
Scenario 3: Online store with a payment gateway and links to secured services
Sites which deal directly with payment details and sensitive and personal information, such as online stores, or sites with membership services, such as some legal or healthcare sites, should always have an SSL certificate installed. This helps protect your visitors and your business from any potential breaches of payment or personal information, as well as increasing the level of trust your visitors have in the site, and providing a small SEO boost. Thankfully, many businesses and users now know that online stores should have a degree of security - even non-technical users are aware that they should look for a padlock symbol in the address bar to make sure their data is safe - which makes these types of websites more likely to already have an SSL certificate set up. However it's good to keep it in mind that this shouldn't be seen as an optional addition to your website - it should be a priority.
For websites such as this, we'd recommend at least a standard Domain Validated SSL certificate, which our SSL Certificate and Installation service provides, however you may want to consider an Extended Validation certificate to provide an additional layer of security and confidence for visitors - this will also show visitors a prominent green addition to the address bar in most browsers, verifying the legal identity of the website.
We recommend: Our SSL Certificate and Installation service is suitable and provides a standard Domain Validated SSL certificate.
Alternative: An Extended Validation certificate from a Certificate Authority of your choice, which we can install for you as part of our free SSL - Installation Only service.
I hope you found this guide useful, and if you do have any questions about the use of SSL on your Pronto website, please get in touch - we'll be happy to help!