Free SSL certificate from CloudFlare for blogs. Is it worth it?
It has been a little over a month since CloudFlare started offering free SSL, or Universal SSL as they call it, to over 2 million websites using their free service. This essentially doubled the number of websites using SSL overnight, literally!
Let us be clear about what we mean by free. As of now this service is free indefinitely like CloudFlare’s other services included in CloudFlare’s free plan. This is NOT a free trial for 90 days, which is like the industry standard of SSL providers.
SSL is traditionally only used by eCommerce, social networks and email providers. And even eCommerce websites sometimes limit SSL usage to only those pages where payment is made.
Problems of using SSL from a webmaster’s perspective
1. More server load because of encryption.
2. Additional cost of issuing SSL certificate every year.
3. Technical expertise needed to install SSL certificate
4. Only supported by modern browsers.
CloudFlare take care of problems 1,2 and 3. The only problem remaining is browser support. If your visitors have updated their browser in last four or five years, you are good to go. If your primary traffic is from countries which has low adoption of modern browsers, you might want to reconsider before encrypting your blog.
If your users usually don’t have to log in to use your website, there is actually nothing to steal, hence there really is no need for SSL for security. The reason for encrypting a blog is something else.
Since the NSA snooping allegations there has been a cry for using encryption everywhere and to create more secure web. Google, the king of the internet, also a big supporter of https everywhere campaign. Recently they have disclosed, they will be using https as one of the deciding factors when ranking your site on Google. The impact of having SSL is negligible though, not affecting more than 99% of queries on Google. This still is not a sufficient reason to make the switch.
The immediate improvement your website can get from using https is its ability to use SPDY protocol, which now more and more browsers are supporting. Https is a requirement for communication in SPDY protocol. This is a new protocol introduced by Google and has some major speed and performance improvement over traditional http.
The world is moving towards a secure web. A new certificate authority(CA) is proposed to be launched in 2015 to encrypt the whole web. This will accelerate the adoption of https rapidly.
We believe it’s wise to get on the https boat as early as possible, but only after considering how many of your users will be affected.