Should I Add an SSL Cert to my Site?

[Golddisk]

So, its a pretty simple question, but one that I think a lot of webmasters have - should they add an SSL cert to their site.

Many of your know that I own thesurge.net, and I have been considering putting a basic SSL on it just to increase security and protect things like log-in details, which, in recent years, has become quite important to do. What is your guys thoughts? Should I add one, and secondly, what is a good one to add that is around, say, $10-$20 a year?

 

[Carlos X]

Right now, no. If you use Google's AdSense, your revenue will drop because https is enabled. I've sen a lot of reports of this.

However, Google's making changes to the overall search engine ecosystem, so this might be in the cards in the future.

 

[Page]

Right now, no. If you use Google's AdSense, your revenue will drop because https is enabled. I've sen a lot of reports of this.

However, Google's making changes to the overall search engine ecosystem, so this might be in the cards in the future.

Well that's weird since some time ago that I read that all website in the next 10 years have to have SSL enable otherwise the site will get removed..

 

[Carlos X]

Right now, no. If you use Google's AdSense, your revenue will drop because https is enabled. I've sen a lot of reports of this.

However, Google's making changes to the overall search engine ecosystem, so this might be in the cards in the future.

Well that's weird since some time ago that I read that all website in the next 10 years have to have SSL enable otherwise the site will get removed..

Yeah, but it's not "turned on" by google right now. In fact, some sites already see a huge drop off of users or visits to their sites when switched to SSL. Revenues dropped, too. So, google has to code it so that SSL sites are treated the same way as normal sites globally. Google's servers aren't one datacenter, it's multiple.

I'm not sure if this is true for everyone right now (as in today, as of this writing), but that's what I read.

 

[Golddisk]

I am not overly concerned about the Google Adsense thing, the revenue from it is not overly high anyways. Comodo allows a free trial for 3 months of SSL, so I took one out through that and I am testing it out. My site doesn't have any commerce on it, so there is no credit card/address info - but we do collect emails and passwords if someone registers.

A few hours in, I am noticing is that my site seems to load slightly slower. Maybe its just me though.

 

[Jordan]

Right now, no. If you use Google's AdSense, your revenue will drop because https is enabled. I've sen a lot of reports of this.

It appears this is a hit or miss atm. Like example, Shawn from Digital Point stated he had no droppings from his Adsense after he switched to SSL

However, in my opinion, if you can get the SSL installed from the start, it would be best. Otherwise if you already have a full functioning site that has a lot of traffic and revenue, I would wait for Google to patch things up.

In the end though, I will still always recommend using SSL even if you arn't selling things.

 

[Myers]

It depends on your use. If its at risk of a login leak then yes or even if you have a donation section then an SSL cert. Will help security. If not its not worth it

 

[dotpeddler]

I'm taking a wait and see on this one. Those I've seen do it have had rocky performance. Especially on the SEO side. I'd like to see that transition period become more stable.

 

[KnownSyntax]

Depends on if you want one dedicated just to your website or if you want it to be shared. CloudFlare offers free SSL certs for your website if you enable that option and use their DNS options. Although the downside is that you'll need to convert many images to not direct paths but relative (otherwise many browsers will complain that a SSL site is loading non-SSL images/elements to the page).

 

[dotpeddler]

Depends on if you want one dedicated just to your website or if you want it to be shared. CloudFlare offers free SSL certs for your website if you enable that option and use their DNS options. Although the downside is that you'll need to convert many images to not direct paths but relative (otherwise many browsers will complain that a SSL site is loading non-SSL images/elements to the page).

That's another thing I didn't want to bring up. Fixing all those links and images -- years of archives for some of us -- is NO small task.

And Cloudflare? Tried it. Wasn't worth it.

 

[USHost247]

Yes, there is no reason not to have SSL now days. Now users are able to get SSL completely free. (All sites on USHost247 servers get served a free SSL if they do not use their own)

How it works is the "LetsEncrypt" and the Comodo SSL plugins that recently got emplemented in cPanel.
You can get your own SSL that renews every 3 months at letsencrypt.org.

 

[KnownSyntax]

That's another thing I didn't want to bring up. Fixing all those links and images -- years of archives for some of us -- is NO small task.

And Cloudflare? Tried it. Wasn't worth it.

All you need to do is use them as your DNS server, AKA turn off all of that extra junk (optimizing .js/CSS/HTML) and their CDN features to take full advantage of the free SSL cert without them really running any of your content or making things lag down.

I fully agree on the image and link issue, isn't worth it for most at all at this point unless you are going to seriously overhaul your website from the ground up.

 

[Golddisk]

Although the downside is that you'll need to convert many images to not direct paths but relative (otherwise many browsers will complain that a SSL site is loading non-SSL images/elements to the page).

That is probably the biggest roadblock for many blogs and forums. Luckily, nearly every image on my site is self hosted, so that prevented any major issues there. The one implementation issue I did have was that one of my theme's fonts was linked to a non-https google font url, so I did have to hunt it down in the CSS and fix it, which was just a matter of changing the http to https.

 

[Thomasss]

Depends on if you want one dedicated just to your website or if you want it to be shared. CloudFlare offers free SSL certs for your website if you enable that option and use their DNS options. Although the downside is that you'll need to convert many images to not direct paths but relative (otherwise many browsers will complain that a SSL site is loading non-SSL images/elements to the page).

That's another thing I didn't want to bring up. Fixing all those links and images -- years of archives for some of us -- is NO small task.

And Cloudflare? Tried it. Wasn't worth it.

Cloudflare sucks, there's really nothing right with Cloudflare. As far as images and links, image and link proxies would do the trick, and if you use Xenforo (and MyBB 2.0 should be having this in the core itself) you can easily proxy through images and links. If you're not using these softwares than yeah, it's probably not worth switching to SSL.

 

[Kysol]

The rewriting of the links shouldn't be that hard if you actually have control of the server. I understand that some people are on shared hosts with no access to server configurations and other local tools, so it'll be much harder for them to switch over. I've converted large successful sites from a mixture of HTTP/HTTPS over to full HTTPS and they never saw an issue as a fair amount of work went into finding all local links and modifying them correctly. External existing links that they had no control over were just 301 redirected to the new protocol.

"putting a basic SSL on it just to increase security and protect things like log-in details," - I once had an SEO / Marketing company tell me that SSL was only needed on the final point of the sales process and the login screen. They couldn't be more wrong. If you intend to add SSL to your site you need to make sure that all pages in your users navigational flow are secure. There's nothing stopping a MITM attack from happening if you drop them back to a insecure page after logging.

From what I've read Google has given SSL enabled sites a ranking boost (but only slightly). Over time as more sites start supporting HTTPS as the default protocol, Google will increase the ranking boost so that unencrypted sites sink lower in the results. As mentioned before there are movements like LetsEncrypt who give you access to free SSL certificates, and if you have access to your server, you can schedule these certificates to renew automatically.

I don't deal with AdSense so I can't really comment on any issues there, but one thing comes to mind and that might be issues with using HTTP code snippets on secure pages. They just won't run due to security limitations. I haven't found a Google service yet that doesn't have HTTPS support for their assets. If you have banner advertising on your site and the affiliate network doesn't offer them over HTTPS, I think you need to find a new network.

Personally I wouldn't start a new site without SSL these days, I just wouldn't risk it. It's more beneficial to your end user than it is for you. Having a SSL certificate and a site fully running on HTTPS shows your users that every single piece of communication from your server to them has not been tampered in any way.

I would add links to all these points, but you know (3 posts, no links allowed)...

 

[Incoginto]

Right now, no. If you use Google's AdSense, your revenue will drop because https is enabled. I've sen a lot of reports of this.

However, Google's making changes to the overall search engine ecosystem, so this might be in the cards in the future.

If You are going for the revenue and earning , I prefer No Because of the above reasons .

If You are not going for earning and going for SEO and Promotion . You should definitely use this .

 

[Page]

I brought SSL for one year. Haven't installed it because of the reasons of the images and the links to other sites and whatnot.

Do e testing and seems to be all good. But don't know if I should go ahead or not...

 

[Carlos X]

Right now, no. If you use Google's AdSense, your revenue will drop because https is enabled. I've sen a lot of reports of this.

However, Google's making changes to the overall search engine ecosystem, so this might be in the cards in the future.

If You are going for the revenue and earning , I prefer No Because of the above reasons .

If You are not going for earning and going for SEO and Promotion . You should definitely use this .

Google's system isn't ready for a site to be SEO'ed on https. I explained this in a later post...

Right now, no. If you use Google's AdSense, your revenue will drop because https is enabled. I've sen a lot of reports of this.

However, Google's making changes to the overall search engine ecosystem, so this might be in the cards in the future.

Well that's weird since some time ago that I read that all website in the next 10 years have to have SSL enable otherwise the site will get removed..

Yeah, but it's not "turned on" by google right now. In fact, some sites already see a huge drop off of users or visits to their sites when switched to SSL. Revenues dropped, too. So, google has to code it so that SSL sites are treated the same way as normal sites globally. Google's servers aren't one datacenter, it's multiple.

I'm not sure if this is true for everyone right now (as in today, as of this writing), but that's what I read.

And someone else reflects what I said:

From what I've read Google has given SSL enabled sites a ranking boost (but only slightly). Over time as more sites start supporting HTTPS as the default protocol, Google will increase the ranking boost so that unencrypted sites sink lower in the results. As mentioned before there are movements like LetsEncrypt who give you access to free SSL certificates, and if you have access to your server, you can schedule these certificates to renew automatically.

 

[Jordan]

Google's system isn't ready for a site to be SEO'ed on https. I explained this in a later post...

It's ready if you start off as https. Only time it will break any form of SEO is if you are already established without https.

 

[Carlos X]

Google's system isn't ready for a site to be SEO'ed on https. I explained this in a later post...

It's ready if you start off as https. Only time it will break any form of SEO is if you are already established without https.

I have gone ahead and installed https on the following domains:

CarlosX360 (Corporate Site)
DestroyRepeat (Big Board at half a mill posts, and used to be on https)
CODForums (Highest Ranking Call of Duty Forum in the world - that is, not owned by Activision)

Those are my priority sites.

When I posted that, Google didn't announce that SSL/HTTPS would be highly prioritized. It is now.