Our Blog

When Does your Site need an SSL Certificate?

By Heshy Friedman

SSL Certificates verify that website pages are secured with encryption when they process sensitive information. Whenever text or other information is sent through an online web form, it gets processed by the web page, and can be sent to a database, email, or additional pages for further processing. A database may also send content to be displayed on a web page.

If a page with a form or a page that displays data doesn’t have encryption, that information can be intercepted by unwelcome third parties who could compromise the data. Encryption is essential to prevent the data from being intercepted when the data is transmitted. Encryption works by making the information unintelligible and only decipherable by the receiving page. If a third-party intercepts data during a transmission on an encrypted page, it will be unintelligible jargon.

SSL certificates installed on websites provide this encryption to the pages, and ensure the security of data transfer between pages will be safe and impenetrable. These certificates will be crucial to any site that takes sensitive information, such as credit card numbers, social security numbers, or any sensitive login information.

If your website is a shopping cart website, or takes any sensitive information in any fields, an SSL certificate will be crucial for safety and security. Tech-savvy customers will refuse to place any information or make any orders if they don’t see an SSL lock or browser indication that the pages are SSL-encrypted. Further, data breaches resulting from unsecured page processing sensitive data can be catastrophic to a business. Websites that also retrieve sensitive information off a server will also need to be secured when posting the information on a web page for browsing.

Many websites that have customer portals or other logins, even those without sensitive information sent or received from web pages, also have SSL encryption. Although not required, this is good practice and reassures system users.

Informational websites that do not have any data transmission can be left unsecured without SSL. There is no need to spend the extra costs on the certificates and the dedicated IP’s that are required for hosting sites with SSL certificates. Additionally, website security companies such as Sitelock charge additional for Firewalls that are on dedicated IPs and, which will further increase unnecessary costs.

As far as securing WordPress standard websites that don’t take sensitive information, SSL is good practice but not required for most small companies. The only issue would be the login which could be intercepted without SSL, but it is unlikely for hackers to deliberately try to intercept an unsecured WordPress login event. Most of the WordPress hackers are busy with their automated bots that find outdated or vulnerable WordPress websites to prey on, so from a security standpoint the issue isn’t really SSL but rather keeping the site updated regularly.