Yes, you need to put an SSL certificate on your website

No, there are no good reasons not to.

If you have a personal website, small blog or CV, stop what you’re doing right now and get an SSL certificate installed and make sure the site is only accessible through ‘https’ URLs.  Unless your site is specifically, you need to do this. If you have already done this, good on you. Backslaps and high-fives all around. If you haven’t done this yet, stop hurting people and the internet and get on it.

To ensure the maximum number of websites take this seriously, Google has implemented it’s own form of hard GDPR-esque deadline, and it’s arrived. As of next month (July, 2018), Google’s Chrome will simply alert users going to http sites that the sites are “not secure.” I’m fine with this. Thanks Google. No, I’m not going to get into the semantics of that. No, I’m not going to get into the debate over https being used on malicious sites. Yes, your site needs to authenticate itself with a browser and ensure the data coming from it to a browser is both encrypted and makes it more difficult for an attacker to alter the data in transit. I don’t care about the what-if scenarios that explain how that’s still possible in specific circumstances. Those circumstances aren’t the majority. If you’re not doing something as trivial as getting your site https protected then I’m going to chalk that down to laziness. Don’t have a website.

Want to ague some more? For all your “But my site doesn’t need https because” arguments, There’s already a web page for you, called “Dose my site need https?” (spoiler: it does.)

Use Cloudflare? To make things easier on website owners new to SSL certificates, Troy Hunt, a Microsoft regional directory, made the interwebs better with a short set of video explainers and tutorials on how to set it up via Cloudflare.

Want to roll it yourself? Yours truly isa fan of rolling out SSL fairly easily and quickly using free Let’s Encrypt certificates and EFF’s Certbot helper.

Want someone to manage that for you? Find a VPS web hosting service that puts all websites on https by default. This site is sitting on 1984 Hosting servers, which started putting https on all websites, for free, a while ago.

This post is aimed at the small site owners out there because, by in large, this is the biggest group of perpetrators in not taking security seriously, either out of a lack of knowledge or from the idea that they’re just a small fish, or the flawed notion that they “have nothing to hide,” whatever that means. People have decided to visit your content out of all the content they could look at on the entire World Wide Web. Value that.

SSL has become trivially easy, and adds a layer of security for your site’s visitors. It isn’t just about forms. It isn’t just about interactivity or whether you sell things on your site. It’s literally about offering better integrity of all the information, passive or otherwise, that is shovelled from your website, over a topsy turvy path across networks around the globe, and into someone’s personal device. When someone visits your site, they’re inviting your data into their computer or mobile, the thing that’s also running their work and/or other doing important tasks  for their finances or personal lives. Don’t be a dick about it.