As we all know by now, Google is giving a small rankings boost to sites using SSL. In the past month, I’ve seen a huge increase in the number of people asking me whether they should implement SSL on their sites to benefit from this supposed increase in rankings.
As someone who has recently switched to sitewide SSL after years of using it only for certain pages, my (probably infuriating) answer is, “It depends.”
SSL – Is it necessary?
If you sell products? Probably. If you’re taking credit card payments directly on your website, you definitely need SSL in place to encrypt your customers’ credit card information. However, that doesn’t necessarily mean you need it on your entire site; you might decide to use SSL only on store or checkout pages, for instance. If you use PayPal exclusively to accept payments, you don’t need SSL since customers aren’t paying you directly.
If you offer memberships? Maybe. If you run a membership site, free or paid, SSL might be a good idea. After all, your members are giving you their email addresses, names, and passwords, all of which they likely use on other sites. Do you really want to risk being responsible for a security breach that results in your members’ information being spread across the whole internet?
If your visitors submit sensitive information via forms? Maybe. If your site’s visitors are submitting any personal information, documents, photos, etc. via forms on the site, you might consider SSL to keep that information safe. I won’t even talk about HIPAA compliance as that’s a whole separate issue (and in my opinion, the answer there is not using WordPress at all), but you might be surprised how much information you collect about your visitors even if you don’t sell products or offer memberships or subscriptions.
If your site is only a blog? Probably not. If you have a blog with no products, no memberships, no nothing except blog posts and maybe a contact form, SSL would be a waste of time, effort, and money. Any possible benefit from Google would be too miniscule to count.
Things You Should Know About Sitewide SSL
I mentioned that I recently changed this site to use SSL globally. Here were my reasons for doing so:
- Trust. When I visit a site where I intend to make a purchase or pay an invoice, I’m looking for that green padlock whether I’m on the checkout page or not. Since quite a bit of money passes through my site, I want partners and clients to know their information is safe.
- Experimentation. Just how painful is the transition to full SSL? Will I really see any increase in search traffic? I wanted to find out.
- Future-proofing. In the next year, I’ll be launching a number of new projects, products, and services that will require SSL across a few subdomains. I figured it was better to figure that out now than to wait until the week before launch.
All that said, the process of moving my site toward universal SSL was not an easy one, and I absolutely recommend against it unless you have a real reason for doing so. (In case you’re wondering, “Because Google said so” isn’t a real reason.)