Need for SSL in 2017

I'm hoping to find someone better versed in web stuff to answer my general web/WordPress questions.

I understand that in 2017, Google is going to start cracking down on websites without SSL certification. And that sometime in 2017, Chrome will start issuing warnings against websites without SSL.

I manage some very small, low-traffic sites that don't sell anything from the site and don't have any members. Do they need SSL as well? How about if they sell via Paypal? If they have a MailChimp or Aweber signup box on their site?

I have a nonprofit site with a forum that is a separate WordPress installation on a subdirectory (http://oregonwomenlawyers.org/working-parents). It's a serious web presence, and I expect to get SSL for them. Do they need a multisite or subdomain SSL or will a single-domain SSL work for both WordPress installations?

I'm with Hostgator, and the cheapest SSL I can get for my reseller account is $40 per year, plus installation. I've seen Let's Encrypt, but it doesn’t seem to be available on resller accounts. Am I missing something?

Thanks in advance for anyone willing to help me with these matters.

Jan Bear

P.S.: If this isn't an appropriate question for this forum, could you refer me elsewhere? Thanks

  • Adam Czajczyk

    Hello Jan,

    I hope you're well today and thank you for your question!

    It seems like SSL is slowly becoming "a must" regardless of what kind of site are you running. You mentioned PayPal and MailChimp and other services and I can say that they'll soon require you to use SSL. For example: Stripe already requires you to use SSL on site if you wish to get any kind of integration.

    Would you need SSL if you don't sell anything etc? Most likely yes. Maybe not that soon as "bigger/commercial" sites but I'm pretty sure at some point in time you will not be able to avoid that anymore.

    As you rightfully noticed: Google is already "cutting off" some non-SSL sites and they are going to be much more strict on their policy; Chrome is about to start issuing warnings on non-secure sites. The bottom line is: I'm afraid that whether we want this or not - we will be forced to implement SSL everywhere anytime soon. Maybe not in a month or two but in a year or two that may be the only way to keep the site working and available for visitors.

    I have a nonprofit site with a forum that is a separate WordPress installation on a subdirectory (http://oregonwomenlawyers.org/working-parents). It's a serious web presence, and I expect to get SSL for them. Do they need a multisite or subdomain SSL or will a single-domain SSL work for both WordPress installations?

    If your site is going under their domain - as an URL suggest - a regular single-domain SSL cert should work. Certificates are issued on "domain basis" and are handled on server level. If you site was available under the "http://working-parents.oregonwomenlawyers.org" URL a wild-card certificate would be required. In this case though I think your site should be protected as well when SSL is introduced to the "oregonwomenlawyers.org" domain.

    I'm with Hostgator, and the cheapest SSL I can get for my reseller account is $40 per year, plus installation. I've seen Let's Encrypt, but it doesn’t seem to be available on resller accounts. Am I missing something?

    I think that the Let's Encrypt cert may be installed on some reseller/shared accounts but that depends on host. You may want to ask them if they support that.

    There's another option though that's quite easy to implement: the CloudFlare CDN offers a free certificate with their free CDN service and it's not even installed on your server so it can work with literally any WordPress install/host. You could then make use of CloudFlare CDN (a side effect would be that you site would most likely significantly speed up) and use free cert from them :slight_smile:

    I hope that helps and if you have any additional questions let me know please.

    Best regards,
    Adam

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.