In December 2016, WordPress announced that all hosts will need to move to a secure server. The reason for this change was to create a safer experience for visitors and also so that certain upcoming WordPress features will work. Further, WordPress also announced that starting in 2017, they will only promote hosting partners that provide an SSL certificate. Now that we’re over halfway through 2017, WordPress isn’t just highlighting the hosts with SSL certificates, they’ve begun omitting hosting partners altogether that do not use SSL by default.
But why is having an SSL certificate so important? Here’s why and what might happen if you don’t change:
Appears as “Not Secure” in Browser
A secure site is one that uses https:// in the URL while an unsecure site appears as http://. Within the next few months, unsecure sites will appear more prominently different to users in their browser. Take note of the icon to the left of the URL you see on different pages. Currently, you’ll notice that non-secure sites do not include the green padlock beside the URL. Soon (no finite date yet), a site that’s not secure will show as “Not Secure”.
This is a red flag for visitors, especially for eCommerce businesses who need to actively work to establish trust with their potential customers. For individuals who are not familiar with secure vs. unsecure websites, this new icon may be confusing. They may feel that websites with the red “not secure” warning have been compromised or that they have other underlying security issues.
Lower Google Ranking
Having an SSL certificate is one of Google’s ranking signals. It’s still a “lightweight” signal, affecting less than 1% of global queries, putting more emphasis on quality content. But with WordPress’ recent announcement, we can only expect this signal to start attributing more weight to overall rank. So without an SSL certificate, your website is missing out on the opportunity to appear higher in search engines and thus increase conversion rates.
Risk of Getting Hacking
SSL certificates are only provided to websites that are trustworthy and can be validated. This means hackers and phishers will have a difficult time obtaining one. If a hacker is able to intercept a message from your website, the SSL encrypts it in a way that is meaningless to the hacker.
Outbeat by Competitors
As the move to a secure internet landscape becomes more realistic, businesses that lag behind won’t be able to keep up with competitors. Companies are recognizing SSL certificates as a way to gain a competitive edge, but soon it will become the norm. Without a secure site, not only will your competitors rank higher than you, your visitors will quickly learn that a secure site is more favorable.
Access to Latest WordPress Features
Allegedly, 2017 is going to bring new WordPress features that will not be available to sites without an SSL certificate. While we’re still waiting to hear how unsecure sites will be affected, it could be an issue down the road.
Whether you sell products online or not, switching to a secure WordPress site will soon be (more or less) mandatory. It’s more than just being able to confirm secure transactions–it’s a matter of being able to compete with other businesses and create a safe browsing experience. Moving from an http site to an https has implications on your SEO efforts as it can affect your links. Work with your SEO agency and host to ensure the migration is a smooth process.