The Short Version
We’ll just say it: yes. Your website needs any SSL certificate If you’re asking for any personal information. But that’s not all there is to it. Search engines are cracking down on perceived ‘non-secure’ websites. Any websites without the SSL certificate will remain http while those with encryption will show https in users’ browsers. Chrome, Firefox and other browsers have began issuing warnings that non-https sites are insecure. Additionally, Google recently announced SSL is a ranking signal, so unless you have SSL your site will be harder to find, impacting on your traffic and revenue.
Is SSL Necessary
Let’s start with the basics: What is SSL? An SSL certificate encrypts the data that goes from a user’s computer to the target website and back. Every time a user enters information into your site, SSL makes sure it can securely travel from their browser to your web server.
What does this mean for website owners? Websites communicate with their customers to share information, and so that they can buy products or services safely with you online. Without getting overly technical, adding an SSL certificate creates a safe connection for those kinds of activities. The most important thing to grasp about SSL is that anything that needs to be secure online should under the protective umbrella of an SSL certificate.
SSL and Google
While the real purpose of SSL is securing information between the visitor and your site, there are other benefits, namely pleasing Google and the opportunity for a page rank boost. Google is serious about its browser security, and has taken the stance that ALL data submitted to Google listed websites should be secured with SSL.
From October 2017, Google launched the new version (version 62) of Google Chrome, and this version would show a “NOT SECURE” warning when users enter text in a form on an HTTP page (meaning pages without an SSL certificate) that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
The idea is that website browsers know the information is going over the internet unencrypted. No doubt this will have a profound impact on user experience. No one wants to go to a website labeled not secure. Popular browser Firefox has taken a slightly different approach to highlighting insecure sites. They highlight the password box with a special note about insecure forms.
As much as these may seem like harsh measures on behalf of Google, it is rewarding HTTPS websites with a favorable ranking over insecure sites in their search engine results.