To use SSL or to Not, on a WordPress site is a very real question.
Do you allow
- login to your site
- have a membership list
- allow filling in of forms with clients personal information
- Accept orders on your site
If you answered yes to any of the above questions you will need to use SSL to encrypt the data between your server (the source/Host), the client and their Browser (Chrome, Safari, Firefox or Edge). Google has embarked on a campaign to discourage browsers from accessing sites that do not have SSL enabled. This has always been associated with cost and the type of security and protection you need is directly related to the cost of the certificate required. Hosting companies supply a service and sell certificates on behalf of the major companies. Most small and new websites that are created on a host cannot justify the cost of a digital certificate for their new venture.
Help is on its way!
Let’s Encrypt is a free, automated, and open Trusted third party certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG). This service relies on donations from its members to be able to continue to provide the free certificates.
- Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
- Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
- Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
- Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
- Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
- Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
This service has been incorporated by a few of the Hosting companies and allows you to automatically select the free service and have the certificate installed in your domain. Before you register or start a new domain verify that your hosting company allows the use of “Let’s Encrypt” certificates or like me you will have to decide to either pay a fee for one or move your hosting to a company that does offer the free service.