Do You Need an SSL Certificate for WordPress Website?

Does your Chamber website need an SSL certificate?

A lot of people, when they’re surfing the web, may not pay much attention to what precedes the URL in the address bar of their web browser although most people do at least know to look for that little green lock icon (which is synonymous with an HTTPS page) when they’re inputting credit card details on a website. This little green lock indicates an SSL certificate for WordPress has been installed on the site.

If you’re really astute, you might have picked up on the fact that more and more websites these days are starting to have that little green lock icon in front of their URL, even if they’re not ecommerce sites.

You might be wondering why that is and whether or not your chamber or membership association website should have an SSL certificate for WordPress as well.

First things first – what is the difference between http:// and https://?

When you have an SSL certificate installed on your website, that’s what gives you the https:// in front of your website address as opposed to just plain http://.

An SSL certificate for WordPress is essentially some extra bits of data that sit on your website and encrypt the information flowing between your site visitor’s computer and your website so that nefarious beings can’t intercept and read the data.

It’s a little bit like when your grandma used to send you a $5 bill in the mail. She would tucked your crisp bill inside a greeting card so no one could tell that there was money in the envelope and rob you of your much-deserved cash. 

An SSL certificate gives you that extra layer of protection around your website so that say, a hacker, can’t see what’s being transmitted and try to steal it.  

Why an SSL certificate for WordPress is important even if you don’t sell things

It used to be that you really only needed and SSL certificate if you were running some kind of ecommerce website and needed to ensure that a customer could safely and securely enter their payment information on your site.

But something has shifted over the past year – Google got serious and, in a big brotherly way, (that wasn’t entirely misdirected) decided to ”strongly encourage” everyone to use SSL certificates on their site, mainly as a means of making the web a safer place in general.

Google sets deadline for HTTPS (external link)

Where they’re really super serious about it (and actually exerting more than a little pressure) is if you have any kind of web form on your site – not just payment forms – meaning there’s some place for a visitor to actively engage with your site beyond just reading and clicking links. This might be something like an email optin form or member login form or a signup form for volunteers.

Google, like your grandma, wants to make sure no one except the intended recipient of that data (your website) gets to see it, so they’re now telling folks know that pages where you might enter that kind of information are not secure if there’s not an SSL certificate present.

Site Not Secure: Does your Chamber website need SSL certificate for WordPress?

The other thing to be aware of is that Google is factoring SSL certificates into their search engine rankings, so sites that have an SSL certificate for WordPress are now showing up higher in search results than sites without. 

So does the whole world knows your site isn’t secure now?

Don’t panic. (Google’s sweeping decisions about what they deem best for the world wide web do tend to cause panic in the tech community, but it’s rarely as dire as most people make it out to be. Not saying it’s not important – just saying it’s not panic-worthy at this point.)

First, like we mentioned above, it’s a minor notification in the address bar, and it is currently only showing up on pages that have something like a login form where there’s a username and password to be entered.

Secondly, the visible stuff in the address bar about a page being Not Secure is mostly confined to Google Chrome. Firefox shows a little lock with a line through it.  Safari and Microsoft Edge (aka Internet Explorer) don’t currently single out non-SSL sites but they are sure to follow suit at some point.

So what’s a responsible WordPress website owner to do?

If you’re building your brand new association website, chances are extremely high that it will be built as an https:// site. Most web hosts these days are making an SSL certificate for WordPress available by default for free or relatively inexpensively, so all you need to do is set this option to on. No worries there!

If your site has been around for a while and you weren’t selling things on it previously, in all likelihood you need to look into getting that certificate added to your site because Google definitely cares.

Contact your web host to see what options you have available to you to make sure your member businesses and your community members can all browse your WordPress website safely.