Having an SSL Certificate on your website is what provides the little padlock next to your domain name showing that the connection to your website is secure. SSL stands for Secure Socket Layer. Think of an SSL certificate like a firm handshake between the server that hosts your website and the computer/phone that the visitor is using to view the site. That firm handshake confirms that any information passed between the server and the computer/phone is encrypted.
Information being encrypted means basically that the information is turned into almost random gibberish, so if a hacker gets ahold of your information, they don’t actually get any usable info on you.
If you don’t have an SSL, that connection is more like a high-five. Lots of room for people (bots/hackers) to interject in between the connection. Plus, since the information might still be un-scrambled, if a hacker gets ahold of your information, it might be usable for them. This is obviously something you want to avoid, both for yourself and for your potential clients.
Until April 2014, we only recommended SSL connections for eCommerce sites. However, that all changed when Google announced that they were seeking to create a secure web and that sites with an SSL would have preferential treatment in the search results over those sites that were not secure. We don’t want to set a client up for failure, so now every site that we sell and host has an SSL. If Google is telling us it’s mandatory, we’re telling our clients the same thing.
What happens if I don't have an SSL on my website?
"Not Secure" Indicator
Chrome Browser (made by Google) has 66% of the browser market share worldwide. If you do not have an SSL, Chrome will mark your site as “Non-Secure”. All major browsers including Firefox and Safari are moving to a user interface that will warn users about insecure pages. This will sometimes result in a giant page that says “Warning! You are leaving safety” when someone tries to enter your site.
I have received my fair share of notices saying my information had been part of a security breach. Seeing a “not secure” notice when I visit a site makes me a little less likely to want to trust any of my precious info to the site. This includes allowing cookies, entering an email, or even proceeding to view the site. It would ESPECIALLY impact a user wanting to enter payment information.
Lower Search Rankings
Google has stated in no uncertain terms that if a website does not have an SSL, people are going to have to search REAL HARD to find your site. If someone searches your niche + location, it’s unlikely you will be in those results unless you have an SSL. It is rare to have Google come right out and tell you one thing you can do to increase your search engine rankings, but they have with the SSL certificates. Google has said that they are using HTTPS as a ranking signal.
Data Loss and/or Site Hacking
The core function of an SSL is to protect your site data. Keep hackers out of your site (strong passwords help here too, more on that in a later blog) and keep your site communications private with an SSL.