An SSL certificate (simply put) is a method of verifying that browsing on a website is secure. The famous green padlock (seen on the top left of a browser) shows you in one glance that you can safely trawl around to your heart’s content and not worry that your data is being stolen. Generally it has been on websites that your credit card details are entered where it has gathered the most attention and urgency, but lately most websites are now being prompted to add encryption.
Google recently (perhaps around May 2018) started getting the world going by saying it will affect a website’s ranking if you do not have one, and so many complied. In years hence it was very expensive to have one, and it was largely the big players who had them on their sites. Today, anyone can get one and often for free. Some tips from my side follow below:
Ask your host for one. Hosts often can simply add one to your site and make your website secure on their side. Depending what type of site you have will depend how easy it is for them, and if they will do it free and quickly. 99% of sites are pretty simple and it should be a breeze. If they can’t do this, then consider paying the hosts, or moving to hosts that offer it freely, or do it cheaply.
Let’s Encrypt. These guys made it possible to get free SSL certificates, hence the reason hosts should do it for free. You can look them up and read how you can get your own certificate. Note the differences between a shared SSL certificate or your very own one. The latter often being something you pay for.
Wildcard SSL. While we are here it is worth noting that it is possible to get your domain (let’s say “www.john.com”) certified but a subdomain like plain old “admin.john.com” (or just the “.john.com”) might not be secure in the World Wide Web’s eyes. With a wildcard SSL it encrypts everything before the root domain (root being in this case “john.com”) and will look like “*.john.com” – the star signifying any potential character/s before that root domain.
Cloudflare. I have often used this as a quick fix for clients, and for some of my websites. A CDN (Content Delivery Network) they essentially are a façade/bridge between users and your website and so they can make sure everything that passes through their service is encrypted. Useful analogy: imagine you post a letter to Brussels, and at the airport someone puts it in a sealed envelope and adds a stamp “Cloudflare Protected” to it until it arrives at the destination, where the end user opens the envelope. Pretty average analogy but the idea is that between your server and the end user, someone/something has made sure the contents are secure, and approves it with a “stamp” of sorts. Get set up with them in under an hour with this super handy guide. Best of all: you also end up with a CDN so your content is better served worldwide!
Advanced Users. You also have the option of learning to make your own certificate and upload it to your own server. It’s really just a glorified password, and not rocket science. I’d just not recommend this if you can do one of the steps above in a tenth of the time. Heard about 256-bit encryption? Again, in layman’s terms it is like having a 256 bits in character length password someone must work out. Except where do they start…?
In summary, is SSL necessary? No, you will survive without it. Unless you are in e-commerce, then certainly not. But, at some point it will become mandatory for every website and so why not do it now, when it’s free and easy, and help your SEO score a little, too.