In simple terms, an SSL certificate encrypts data that is transmitted between two devices. For example, if you fill in your name on a form on a secure Webpage and click submit, then it is near impossible for anyone between you and the Website itself from determining what you entered on the form. If the form isn’t secured (by an SSL certificate) then it is fairly simple for anyone able to access the communication between you and the webpage to see what you entered on the form. It is very important therefore that sensitive and private data is transmitted via a secure means.
Advantages of SSL Certificates for WordPress
There are four primary reasons for using SSL with WordPress; customer confidence and securing data:
- Customer Perceptions: Fortunately people are becoming far more aware of the benefits and necessity for encrypted and secure data transfer. Most people are fully aware that if a padlock, or ‘HTTPS’, cannot be seen in their browser they shouldn’t trust that their credit card details, password or other information are secure. If you have an Online store or collect private information then, from a customer awareness perspective, you must be securing Webpages that are used to collect potentially sensitive information.
- Securing Data: There are legal and practical reasons for using an SSL certificate for your WordPress Website. If financial or private information is collected via a form on your Website and is intercepted by a hacker you may be breaching certain laws. Also, although WordPress is actually very secure (such as with it’s use of SALT encryption), there can only be benefits in using SSL on your wp-admin login Page (if you’ve ever had to restore a hacked Website you’ll know that prevention is far better than curing a hacked Site).
- Cost of SSL: The cost of using a SSL certificate is reducing greatly (you can get one issued and installed from Godaddy for a few dollars a year if you have Godaddy hosting). You may even get a free certificate if you are prepared to install it yourself (see disadvantages below for complexities in installing a certificate).
- WordPress and SSL: Once your SSL certificate has been installed on your host it is very simple to setup WordPress to use SSL via the WordPress HTTPS Plugin. Just install the Plugin and choose your settings and which Pages you’d like to use SSL and your WordPress Website is secured!
Disadvantages of SSL Certificates for WordPress
- HTTPS is slow: Unfortunately use of a SSL certificate slows the Page load speed. This is unavoidable and therefore only Pages that require encryption should be set to use SSL. The WordPress HTTPS Plugin allows for simply specifying which Pages should be using encryption. For example, your wp-admin Page should be designated to use HTTPS but there is no advantage to encrypting Pages once you are logged in to wp-admin.
- Difficult to implement: It takes quite a bit of knowledge in understanding how to implement a SSL certificate on your host or server. Even when hosts implement a certificate for you it can be confusing as which SSL certificate to buy and what options to choose.
There are advantages and disadvantages to using a SSL certificate with your WordPress Website. The advantages however usually significantly outweigh the negative aspects.