HomeDigital MinistryWebsitesDoes Your Church Website Need An SSL Certificate?

Does Your Church Website Need An SSL Certificate?

-

It used to be that you only saw SSL certificates used with online banking and ecommerce. Today, more and more web site owners are choosing to use SSL certificates on their websites for added security, increased trust with their web visitors, and hopes of getting a boost in their search rankings. SSL stands for Secure Sockets Layer and are cryptographic protocols that provide communications security over a computer network (Wikipedia). Let’s look at what an SSL certificate actually is, the different kinds of SSL certificates that you can get, and a few things to look out for when installing an SSL certificate on your website.

What SSL Certificates Actually Do

There is a lot of confusion over what an SSL certificate is and what it does. An SSL certificate is not a firewall. It is not antivirus software. It doesn’t block spam. An SSL certificate really only does one thing. It encrypts the communication between your web browser and the web server that your browser is talking to. In other words, they make it so the communication between your web browser and the web server is private. Sort of like being on a secure telephone landline where you know that nobody else can listen versus a walkie-talkie where anyone who tunes in can hear what you are saying.

Three Reasons To Use SSL

There are some very good reasons why you might want to install an SSL certificate on your website. The primary reason you would want to install an SSL certificate on your website is to secure the information you collect from your visitors. In addition, SSL certificates provide a layer of trust between you and your web visitors letting them know that your identity has been verified by a third party. Lastly, search engines, including Google, have stated that having an SSL certificate on your website is a good thing for your search engine rankings.

1-Secure Forms

First, if you have any forms on your website, especially forms that collect sensitive information like passwords or credit card information, you will definitely want to have an SSL certificate so the bad guys can’t snoop on that information. If you have a form on your website and you do not have an SSL certificate, many web browsers will show a warning that the form is, “Not Secure.”

b0495e8f 2805 4396 84fd 8a8c69a37b0f not secure

2-Trust

When you start shopping for an SSL certificate for your website you will notice that the price of the certificate can range dramatically. You can get an SSL certificate for free through a company called Let’s Encrypt or you can pay hundreds of dollars for an SSL certificate. The difference is trust. The more you do to verify your identity with the company issuing the SSL certificate the more the SSL certificate will cost.

For example, the free SSL certificates from Let’s Encrypt require almost no verification at all. Let’s Encrypt SSL certificates work off the digital fingerprint of your web server. You don’t have to provide any documentation verifying your own identity or the identity of your organization.

If you buy an SSL certificate from a company like GeoTrust or Comodo, they will ask you for documentation verifying your identity. This will include things like sending them a copy of your business license, a utility bill with your address and name on it, and other paperwork that verifies that you are who you claim to be. Once the issuing company is satisfied, they will issue the SSL certificate to you with their stamp of approval on it saying that they have taken the steps to verify your identity.

The only difference between free SSL certificates and expensive ones is trust. They all provide the same level of encryption. On a technical level, they all work in exactly the same way. The communication between the web browser and the web server is no more secure with an expensive SSL certificate than it is with a free one.

Very few people even know how to check what kind of SSL certificate you are using and who issued it to you. So, unless you are a bank, you may want to just go with a free SSL certificate from Let’s Encrypt especially if you are just starting out.

3-Search Engine Boost

One more reason to use an SSL certificate on your website is to get a little boost from search engines. Google recently announced that having an SSL certificate is, in fact, a factor in determining the rankings of their search results. All things being equal, a site with an SSL certificate will have a slight edge over a site that does not have one. Having said that, do not expect to install an SSL certificate and suddenly land on the first page of all the search engines. The boost you’ll get from having an SSL certificate is small but real.

3 Possible Problems

There are a few really important things to watch out for when installing an SSL certificate. There are some things you need to do to your website and a couple things to keep in mind.

1-The Broken SSL Lock / Mixed Content

When you install an SSL certificate, all of the resources that get pulled in to your site need to be pulled in from a secure (https) resource. Insecure (http) resources will be blocked. So, if your website has referenced all your images over http (not https) then the images will be blocked by the web browser and will not show up. This will also result in the SSL lock on the browser being broken and the visitor will probably get a warning message saying that the page is not entirely secure. Before updating your site with an SSL certificate, make sure all the resources are getting pulled in securely.

2-Blocked Content

It’s not just images that can get blocked. Anything that originates from a site that is not using an SSL certificate will be blocked as well. This can be a really big problem with church websites that have live streaming because some live stream services only offer the stream over http, not https with an SSL certificate. That means when people push play to listen to the live stream nothing will happen. The live stream will be blocked because it is seen as insecure content.

3-Possible Loss of PageRank

One last problem is that changing all the URLs on your site from http to https could result in a loss of PageRank which is the value of your page to Google for search engine rankings. This is a really technical issue, but there are two basic ways to redirect traffic from your old, insecure links to your new, secure links. One is a permanent (301) redirect and the other is a temporary (302) redirect.

When you permanently change the location of a page, like when you install an SSL certificate and want everyone to use the new, secure link, you want to redirect the traffic with a permanent redirect. Google and other search engines will understand what you have done and you shouldn’t lose your rankings in search results.

Having said that, Google wants the entire Internet to switch to using SSL certificates and have announced that they will not reduce the PageRank of any page regardless of how the redirect happens.

This, of course, is only true if the new page has the same content as the old page. If your new page is served over https and the old page was http – and that’s the only difference – then you should retain 100% of your page’s PageRank when making the switch.

Conclusion

Overall, it’s a great idea to install an SSL certificate on your website. It’s definitely the direction the internet is moving. Just make sure you consider things like your live stream and make sure all of your content can be pulled in securely over https. Making the move to SSL can be a little tricky and technical, so you may want to contact a web developer for help to make sure everything goes smoothly.

Lee Blue
Lee Bluehttps://cart66.com/
Lee Blue is the founder of Cart66, the WordPress shopping cart. When not helping people set up online stores, Lee can be found leading worship at Calvary Chapel Mechanicsville or spending time watching baseball with his wife and 5 children in Lanexa, Virginia.

9 COMMENTS

  1. With services like LetsEncrypt and Cloudflare available for free, there is no reason not have an SSL Certificate on your site.

    The “Downsides” you mentioned, aren’t downsides at all. They’re indicators that you haven’t finished setting everything up yet.

    1 – Mixed Content Warning: You need to fix your website so you’re no longer loading insecure resources
    2 – Blocked Content: Same thing. Stop loading resources from insecure resources
    3 – “Loss of page rank”: How can you say “Improved page ranking” and then say “Loss of ranking” at the same time? A) This can be resolved using a HSTS header, and having your site added to preload lists, so people NEVER make HTTP requests to your site to begin with. (Having it preload also would help with ranking) B) Any marginal drop of ranking from having a 302, would be MUCH offset by the fact that you’re not serving content over HTTP

  2. Hi Lee, great article!
    At the risk of being “That guy”, I just thought I’d bring it to your attention that the example image of the WordPress login page in this post is being delivered via http and not via https. The irony of the post topic and this occurring caused a little chuckle for us at the office!

    For the other readers who don’t know what I’m talking about, if you’re using SSL and some of the content on your page isn’t using SSL (eg, http:// not https:// for an image), you’ll get mixed content warnings (from most browsers).
    A great way to get around this especially if you’re using WordPress is to use CloudFlare for your DNS. They offer a great plugin to get your site on SSL and prevent those pesky warnings!

    • Hi Rebecca, Thanks for your comment. I wouldn’t stress about SSL for a small church website in a small town. I checked out your website and it looks like you’re doing a GREAT job communicating all the necessary details – service times, what to expect, pictures, and more. Good job! Keep up the great work and feel free to chime in about what resources you’d like to see here to help you do your job better. Blessings, Lauren

    • Hi, Rebecca. I clicked on your name to visit your website and it looks like you’ve already got SSL going. I also agree with Lauren. If you’ve already got everything working, no need to worry about adding SSL to your site. But, again, when I visited your site, I saw that SSL was already running. I looked at your SSL certificate and it was issued on Aug 16, 2017 and is valid until Nov 16, 2017. So my guess is that you’re using an SSL certificate from Let’s Encrypt that auto-renews for you every 3 months. Everything is looking good.

  3. Personally I think it’s kind of silly that sites that don’t handle sensitive data are still more or less “required” to have SSL since search engines have decided to give preferential treatment to sites that have it… but it is what it is, I suppose. At least it’s a lot easier to add to sites nowadays, and also free!

  4. Hi, Mark. Yes, different browsers behave differently when it comes to blocking insecure content. Both Chrome and Firefox block the loading of insecure content. Internet Explorer (under the default settings) will allow insecure content to load. You can verify this in Chrome (or Firefox) by opening up the web inspector and looking at the errors in the console. Sounds technical, but it’s easy to do. Here’s how:

    1) Open up Chrome and go to the page having the problem
    2) Right click the page and select “Inspect” from the pop-up menu (or just press ctrl+shift+i)
    3) Select the “Console” tab and read the error messages

    You’ll probably see some errors that say something to the effect of “Mixed content: The page at yada yada yada… This request has been blocked; the content must be served over HTTPS.” The error message will tell you which resources (scripts, images, streams, etc) are being blocked.

    Let me know if you have any other questions or if there’s anything I can do to help.

  5. Lee, this is great information that many churches don’t think about, especially small churches. The thought process is “I’m not selling anything, what do I need a SSL certificate for?” You have given very good reasons/benefits for having an SSL certificate.

    Regarding blocked content (specifically the live streaming example), can that vary depending on the browser? We have one church who streams live and it works well on Internet Explorer but will not display on Chrome or FireFox.

Leave a Reply to David Moore Cancel reply

Please enter your comment!
Please enter your name here

Featured Posts

LATEST POSTS