Switching to SSL Is Worth It and It Doesn't Have to Be Hard
SSL (Secure Sockets Layer) is an encryption protocol used in communication over computer networks. As a matter of fact, the SSL specification has been superseded by TLS (Transport Layer Security). However, the SSL acronym is still widely used to refer to both protocols.
You can immediately tell which websites use secure connections. If the connection is secure, in the address bar of your browser you will see “https” instead of “http” and depending on the browser a green padlock icon may appear.
TLS communications between two computers (e.g. a web browser and a server hosting a website) have the following advantages:
- The connection is secure because the transmitted data is encrypted. At the start of each session, the two computers generate cryptographic keys which will be used for the data transmission. By design, these keys cannot be intercepted by potential attackers who somehow manage to monitor the connection (for example in an unsecure public Wi-Fi network).
- The identity of the communicating machines can be authenticated. Usually, at least one machine must be authenticated (typically the server).
- An integrity check is performed to ensure that the transmitted data is delivered completely and unaltered.
Must all webmasters switch to SSL? No. If your website doesn’t handle any transactions, you may be fine without SSL. Does SSL protect your website from being hacked? No, that is not the purpose of SSL. However, there are no disadvantages in switching to SSL (except perhaps a temporary drop in search engine positions). If you log in as a website admin when travelling or using public hotspots, then SSL encryption is highly recommended. I would not do that without HTTPS.
Besides encryption, there are other benefits of SSL. Google has confirmed that HTTPS is a ranking signal, and sites with SSL receive a very small boost. All things being equal, a site with SSL will rank higher than a site with the same relevancy score but without an SSL certificate. SSL is also a requirement for HTTP/2, which is a major improvement over HTTP 1.1. HTTP/2 significantly improves page load speed by decreasing latency. Page load times are also an important ranking factor. Even if they weren’t, many visitors get easily irritated by slow websites and leave them quickly.
Some new hosting plans include a free SSL certificate (for 1 domain). Usually, it is possible to purchase additional SSL certificates (e.g. for subdomains or other websites), but there is a recurring monthly fee for that. Some hosting companies, for example Siteground, offer unlimited free SSL certificates from Let’s Encrypt. This way, in one hosting plan from Siteground you can set up multiple websites with SSL certificates and there will be no additional cost.
If you’re setting up a new site and your hosting plan includes SSL, then starting with HTTPS is simple. But what if you already have a website without SSL and would like to switch? The process is not terribly complicated, but after you activate SSL for your domain in the control panel of your hosting company, your beautiful website may stop to work properly.
You can surely find great tutorials about fixing all kinds of HTTPS-related issues. But do you really want to do that and do you HAVE TO do that? If you have a WordPress site, there is an easy way.
This is where our WordPress Plugin of the Month, Really Simple SSL, comes in. You just activate it and that’s it! All problems related to the transition to HTTPS disappear! Just like that. I realize that there might be some unusually complicated cases which require some tweaks. However, as far as my websites are concerned, the plugin has always worked perfectly out of the box. One click, as the plugin author promises, and all SSL issues were fixed. No more missing files, mixed-content warnings or redirecting errors. There is no need to write any tutorials for Really Simple SSL. There is just one tab with 6 settings, but most users probably won’t need to change the default values.
This plugin has saved me a lot of time, which I’d rather spend creating content than fixing technical issues. There is a premium version of Really Simple SSL with additional features and support. For many users, however, the free version available from the WordPress repository will be sufficient.
To express my gratitude to the plugin author, Rogier Lankhorst, I curate Really Simple SSL and award it the title of “WordPress Plugin of the Month”. Highly recommended!