Should my website have SSL?



To find out why, scroll down.

SSL secures the traffic to and from your website.

Your words are valuable, and so are those of your visitors. If they read your stuff, or they leave a message on your website, it is traffic between you and them. No one in between should be able to read along.

SSL protects your visitors.

People have many reasons for visiting your website. Some information might get them in trouble in their jurisdiction without you even knowing it. With SSL, the only publicly visible information is that visitors accessed the main URL of your website. For example, they know you're browsing wikipedia, but not "". SSL makes sure no one "on the line" can tell what your visitors are reading or writing once inside.

Visitors can be confident that they are at the right website.

SSL provides verification. That way visitors know they are listening and talking to you and not an evil impostor.

Encryption raises the costs for governments and companies engaging in dragnet surveillance.

Currently the NSA & co. are spying upon us all. Encryption is our strongest defense at this moment. The more encryption there is, the harder it is to engage in dragnet surveillance. SSL raises these cost significantly.

Your website gains credibility because you show you are taking your visitors' safety seriously.

You spend time to make a good website, your visitors spend their time engaging with your content. Our time is valuable so if we spend it, it should also be taken seriously. Securing your communications is a token of appreciation to your visitors (just like not using tracking cookies is, but that is a different subject).

"But there is no secret, dangerous content on my website!"

In some situations, merely visiting and reading your site might endanger your visitors. Also if you use a CMS like WordPress you are logging in to your own website through a webform. Not using SSL reveals your login credentials to anyone on the line between you and your website meaning your log-in details can be used to manipulate content on your site.


It is difficult to get.
Move to a webhoster that will set it up for you. They do it all they time and you just have to ask them.
It is too expensive.
There are ways to do this on the cheap, like making your own certificate. But first you have to ask yourself; how serious do you take the integrity of your own site and the security of your visitors?
My site already has SSL!
You get a golden star with a rainbow. Now move on to DNSSEC to unlock the unicorn level.

Links and Partners

Who is talking about this?

How do I get my site certified?

This website was made in a sprint at Greenhost as part of the Responsible Data Forum.
All content and code 100% WTFPL.
Hosted on GitHub. Fork away.