Do I Need An SSL Certificate For My Website?
You’ve probably heard of encryption, or seen the green address bar of an EV SSL certificate, and wondered "Do I need an SSL certificate on my site?" The short answer: yes, if you are asking for any personal information from visitors.
Most online shoppers are very careful and want to know that their information is safe. Using an SSL certificate provides two important things:
- Encryption of sensitive data like credit card numbers and personal information (name, address, username, password, etc.)
- Some assurance to your customers that you are trustworthy (the process of getting an SSL certificate can't guarantee this, but it can make it more likely which is part of the reason why visitors have this perception)
These are very important benefits and, these days, nearly every website should have an SSL Certificate. To find out if you need an SSL certificate for your site, answer these questions:
Is my site an e-commerce site that collects credit card information?
For most e-commerce sites, you absolutely need an SSL certificate! As an online merchant, it is your responsibility to make sure the information you collect from your customers is protected. This will shield you and your customers by making sure that no one can intercept and misuse their credit card information.
Your customers are providing you with very important and personal information that allows access to their hard earned money. If an identity thief gets access to your customer’s credit card information because you didn’t take the necessary precautions, it can be devastating to you and to your customer. Your customers need to know that you value their security and privacy and are serious about protecting their information. More and more customers are becoming savvy online shoppers and won’t buy from you if you don’t have an SSL certificate installed.
If you accept credit card information and store it in a database so you can process it using an offline POS machine or charge it manually on your merchant account’s website, then you definitely need an SSL certificate to secure the credit card data as it is transferred. You also need to be very careful with the data when it is stored on your servers. Learn more about PCI Compliance and SSL and the requirements of protecting stored credit card information.
Do I use a 3rd party payment processor?
If your e-commerce site forwards your visitors to a 3rd party payment processor (like PayPal) to enter the credit card information, they will encrypt the information but you will still want an SSL Certificate to protect login information and to look more trustworthy.
Do I have a login form?
If your users enter a username and password to login to your site without an SSL certificate, an attacker can easily see their username and password in clear text. This would allow someone else to impersonate your visitor, but it allows for a far more dangerous possibility: Because users often use the same password on many sites (including their bank accounts), an attacker can potentially compromise many other accounts. If you let people store a password with you, you must take responsibility for protecting it, even if the security of your own site isn't critical.
Mandy login forms are still vulnerable but yours shouldn't be. If you want to forego the SSL certificate without having to worry about securing the login information, you can also use OpenID, Facebook Connect, or another technology that lets users log in on a another site and return to your site. But you will probably want to get an SSL Certificate any way so users trust your site more. Learn more about creating a secure login form.
Do I need my own SSL certificate or can I use a shared SSL certificate?
Many hosting providers will include a shared SSL certificate that you can use instead of buying your own. As long as it doesn’t give any errors on your site, this will be great for securing login information or other sensitive information. However, a shared SSL certificate doesn’t provide as much assurance to your visitors because it doesn’t include your organization or website name in it and may display a warning.
In summary, if your website is a collection of pictures of your goldfish Rudy and doesn’t require visitors to log in, you probably don't need SSL. If you have a login form or handle personal information or just want to look more trustworthy, then you need SSL. If you run an e-commerce website where people provide you with credit card information directly on your site, you absolutely need SSL.
Do I want to look at trustworthy as possible?
While the main purpose of SSL is encrypting information, it also increases how trustworthy your site looks because of the many web browser indications. Google has also said that having an SSL Certificate may increase your PageRank so you're more likely to show up in their search results.
Where do I purchase an SSL certificate?
How do you know what type of certificate to purchase? Which SSL provider should you buy from? You can find the answers to all your questions about buying an SSL Certificate in the SSL FAQ or by using the SSL Wizard to compare SSL.
Originally posted on Sat Mar 6, 2010