It wouldn’t be a normal week without something in the world of the Internet changing. This time, there’s even more pressure added for website owners to secure their sites with SSL certificates.
What are SSL certificates? A certificate shows website visitors that your website uses a secure encryption protocol. When you have SSL, every click and every keystroke is encrypted as it goes over the air and over the wires. No one but you can see the information you enter on secure forms or what you click on secure websites.
In the past, SSL was primarily used on sites that dealt with confidential information such as financial information or health records. With increasing concerns over hacks and attacks, it makes more and more sense to consider an SSL certificate for your website, whether you have sensitive information or not.
Editor’s Note, June 2020: The info in this article regarding SSL functionality is all still very relevant; however, web standards have changed quite a bit over the past 4 years. Look out for the bolded notes throughout this article!
Big tech companies are making the switch
In the past, it was ok to rely on the SSL of your ecommerce and payment processing provider such as PayPal and WooCommerce. Recent updates to PayPal effectively require you to have SSL and use HTTPS encryption even if you are using WooCommerce, Gravity Forms and other online selling tools. The PayPal change is likely preparation for playing nice with Google’s call for “HTTPS everywhere”. Not only is this still very true, many third-party plugins and APIs are now requiring the use of an SSL to encrypt traffic to and from their service / platform. If something has stopped working and you do not have an SSL, the case may be that it’s the plugin or API is pushing back on you.
Google has been suggesting these types of upgrades as far back as 2014 when they added HTTPS as a ranking signal. And there have been a ton of hacks and scandals with big companies since. So, it’s no surprise that big players like PayPal are requiring their customers to get on board with encryption. To add to this, Google has started flagging and taking down sites that gather unencrypted information.
How your web address will change
Today, the address for your individual pages probably look like this: http://www.yourwebsite.com. A website that is protected with an SSL certificate will include the HTTPS designation. Your new address will be: https://www.yourwebsite.com.
You will need to create special 301 redirects for all of your pages to make sure records of the old address all serve the right pages. Not a big deal, but one that your website hosting company or IT professional will need to help you with if you’re inexperienced with server technology.
Want more info about SSL? Read our summary for a quick primer.
What does an SSL Certificate Cost?
The cost of certificates overall is pretty reasonable for such a valuable tool. Here’s a quick summary of what you might pay at four popular web technology companies. Note that in 2020, many hosting companies are including Let’s Encrypt certificates baked-in to their hosting cost. Be sure to examine the details before hitting purchase!
GoDaddy offers a variety of packages to fit all kinds of companies and sizes. If you just have one domain name, you can purchase the certificate annually for $69.99. Of course, like most other things in life, the more you buy the more of a price break you get. Consider a 3 year package for $167.99 or $55.99 a year.
So what happens if you have multiple domains or subdomains to work with? GoDaddy offers plans for that too. A yearly plan for 5 domains runs $249.99 a year, or an annual subdomain plan is $299.99.
GoDaddy sells certificates to anyone who needs one. You don’t have to host your website at GoDaddy to use a certificate purchased from them.
WP Engine offers a yearly package for each domain for $49.99. They support third party SSLs as well. They offer a package that covers a domain and all subdomains for $199.99 a year. If for example, your company has multiple divisions and you have a separate microsite hosted on a subdomain for each division, this package offers affordable coverage for all of them. They do not, however offer a multi-domain package for SSL.
1&1 offers SSL certificates in a variety of different packages. Promotional rates can range from $9.99 to $29.99 a month. The rates do increase after the 12 month promotional period is up. This is on the higher end of the pricing spectrum.
HostMonster offers a SSL certificate only on their premium hosting package. This package is offered at a promotional rate of $14.95 a month and after that their rates increase.
The cost of SSL is not a big reason to choose one company for your website needs or to make a switch. If you already have a website, simply purchase your certificate from the same company where your domain name is registered. That way they already have access to your domain name settings to help with certificate installation.
Do you need an SSL certificate? Not yet. But the next few years may bring events and circumstances that increase the risks for everyone browsing the web. By taking action now to move to HTTPS, you can be a part of the movement that secures the web and builds trusts with customers by ensuring encrypted communication.
Important Note: You may notice that Roundpeg has not adopted HTTPS yet. Don’t worry, we’re working on it. There’re some important preparatory steps when you make this move. Look for an update on our journey to HTTPS soon! We’ve been HTTPS since about 2017! This isn’t so much an option anymore. If you have a website, you need an SSL.