SSL depends on the host – quite a few are now offering the free Lets Encrypt SSL certificates inside your control panel. I’ve done that with a few domains successfully and will be rolling it out to others. It was as close to 1 click as you can get.
On other domains (which are a bit more important) I’ve paid for SSL via the host and had them set it up.
SSL is one of those things Google is pushing but at the moment it seems to be more hot air than actual differences in search results from what I’ve read although it seems a bit more important with e-commerce sites as customers do tend to look for the padlock.
Update: I did a little more research on this topic last night. I found this video on YouTube.
He talks about Cloudflare in this video. You might be aware of the “Cloudbleed” bug. I don’t think “Cloudbleed” will affect this if you add a Cloudflare SSL certificate now. The reason is because they’ve fixed the “Cloudbleed” bug and you’d be installing this certificate post-Cloudbleed.
I have been waffling about adding SSL to my product sites so this is something I need to research. Since most of my products are for ‘newbies’, I am not sure how many really understand SSL! Any feedback on the pros and cons of switching to SSL will be greatly appreciated. 🙂
I looked at letsencrypt.org. Unfortunately, apparently neither NameCheap nor 1and1 easily support installing SSL certificates except the ones they sell. I did some more research and then I found the video that I posted the link to. That video discusses using certificates from Cloudflare. I had to think about that one for awhile since they had their recent “Cloudbleed” incident. I decided I’d probably be OK with that since it’s a new site and they fixed the bug that caused “Cloudbleed.” Something that I find interesting about the whole thing is that large sites often don’t have SSL certificates.
I think it’s more about the perception that browsers will display the icon that a site isn’t secure. There’s also Google’s posturing about how they’ll rank (or rather de-rank) insecure sites.
Agree that Lets Encrypt is only worth doing if your host easily supports it – two of the hosts I use do (Vidahost and Geek Storage) but both have the caveat that it’s a free service so if something breaks you’re basically on your own.
And definitely agree that a lot is Google posturing – from what I’ve read, they’re more aggressive about it with e-commerce sites where there’s money changing hands. Which makes sense.
No doubt Google is busy blowing their own horn. And the fact of the matter is that since I’m using PayPal as my payment processor, the user’s data would be encrypted by PayPal. However… since Google is the 800 pound gorilla and their browser is apparently now the most popular browser, the perception will be that if you don’t have the green lock icon, your site isn’t safe. And Google won’t do or say anything to alter that perception. Not to mention what they say they’ll do to your rankings. And of course FF and all the other browsers will follow suit. They already are.