Since January 2017, when you visit websites without SSL, Chrome and Firefox will show you an insecure icon in the address bar. It might be just a small icon, but there are more issues behind. Anyway, it is 2017 already, information security is even more than necessary. Safari is still not showing the difference, but I believe that it will update soon.
Pay attention that you will need to check your site content carefully. I have seen several sites having SSL, accessing via https, however, Chrome is still giving them insecure icons. Why? Because they use mixed content. A part of their content is still loaded from unsecured source with http, not https.
When I talk with my customers, there are few things that they consider for migrating to SSL.
The cost of SSL.
Fortunately, nowadays SSL certificates are cheap enough. It is a very small amount, comparing to business expenses, even with small businesses. Unless you need an EV SSL or a wildcard SSL certificate, it usually costs less than $50 / year.
[div class=”greenbox”]Many of my customers at OsloNAP have been using single-domain SSL, which costs only 245 NOK / year (less than $30).[end-div]
The site performance.
There was a concern before about the site performance, but it should not be the issue anymore. Due to the encryption, the server would need to use more system resources for processing your data. However, the server hardware now is quite powerful, in addition to cloud, clustering technologies, if you are using a good hosting vendor, you should not have any issue with SSL-enabled sites, even your sites can have high traffic. The fact is that if your site has high traffic, more people access your site, you should take care of your users’ security as soon as possible.
The affection to other scripts.
As mentioned above, the SSL should cover all scripts, content on your site, not mixing secured and unsecured content. For external scripts, such as Google Analytics, there is a small change in the configuration, but it doesn’t affect your usage and data. No worry.
I don’t collect credit card or have a membership site.
That’s correct. Not all company process credit cards or build a membership site. However, if you have been using your websites as a sales tool, a communication tool to your customers, you still should use SSL. Site speed and https are listed as the first factors for a site to get a better position in Google search result pages. For the websites without SSL, Google might lower the ranking, and your sites might disappear from the SERPs.
Still not decided yet? I would urge you to think fast. Considering technically and emotionally, having websites without SSL just bring worse results and bad feeling for your customers. We all know that is not good for any business! Let me know your concern, we can resolve it.