Web Security: Why Your Church Needs an SSL Certificate

April 26, 2017 by Matt Adams

Humans have always fought to feel secure. First it was a cave and fire, then homes with doors and locks, and eventually we somehow got to the point of having an internet security cam so we can remotely check on our pets while we are at the coffee shop.

As you know, internet security is a major deal. Hackers and malware are everywhere and major institutions spend trillions a year keeping their systems secure. The first layer of all security is to secure the connection between the server and the user. This is actually the part you see the most. That nice little green lock in your browser bar. It feels so right, doesn’t it?

Does my church need an SSL certificate? Easy answer: Yes.

If you notice that green icon in the browser bar, you aren’t the only one. Google has taken notice that this lock matters. As of January 2017, Google has updated its Chrome browser to begin labeling sites that fail to present an SSL certificate with a nice little label of “Not Secure”. Yikes.

So to back up a bit. What is an SSL?

SSL, the thing behind the green lock and the ‘https’ URL, stands for Secure Sockets Layer. With an SSL certificate in place, the connection between the browser and the server is encrypted against “man-in-the-middle” exploits. So you can be sure that no one can “watch” your data being sent and redirect it or steal it.

Having an SSL certificate means your site will load using ‘https’ instead of just ‘http’. That ‘s’ stands for secure.

So here you are, asking, “Does my church need an SSL certificate?” Easy answer: Yes. Google and most consumers agree that all sites are expected to be secure. I know you may not be asking for any sensitive data. But in this day and age, the green lock has come to stand for security, validity, and safety.

Those are all things you want people to feel when they think about your church.

So I need an SSL certificate. Now what?

First, this is actually a five-minute process if you know what you are doing. Any good host should make this pain free these days. Usually it involves you filling out a basic form, maybe paying a fee, and they should install it for you. Cost is anywhere from being included with your hosting to $99 per year.

Now I have it, is that all?

Now that you have an SSL certificate, you may need to make some changes on your site. A lot of churches use WordPress, so I will stay on that path, but the info is universal. You will need to force your site to use SSL, via the https URL.

  • Set your primary domain to https://yoursite.com. This may log you out of most content management system (CMS) tools. Log back in.
  • On WordPress, you may need to force assets to use the https as well. Images and files not secured won’t load unless you do. Really Simple SSL is a great plugin to force all images, links, assets on your site to also be https based.
  • Force all traffic to the https version. The Really Simple SSL plugin will do that for you.

If you have a web developer, call them. This is literally their job. They may bill you a bit, but it shouldn’t be much, as it’s under an hour of work on most sites.

Now that you are secured, your site should load using the https and display the green lock icon. That’s it. Your site is now using a secure connection to the user, and Google search results will also show your site as secured in the results.

This seems too easy. What else can make this complicated?

You are right, that did seem too easy. It can be this easy on the right host, site, and infrastructure. While that works in a perfect world, the reality is that your site may be more complicated. Here are a few things that for sure complicate things:

  • The host. Not all hosts are savvy with SSL certificates. The cheap (under $10 a month) hosts don’t usually have all the right tools in place for you to easily do this, or your account may be restricted for this feature. Solution: Call the host, or find a new one. There are some super good ones out there these days.
  • Some site services simply don’t offer it. If you’re using a website service, you’ll need to check with them to see what they offer. It may not be a service they allow you to roll out to your entire site yet (it may be limited to giving pages).
  • Your site build. Depending on how the site is coded, you may need additional work to get it all working on https. If any element of your site is hard coded to the http URL, the browser will block that item, meaning CDN files, scripts and images can fail. Solution: Try that Really Simple SSL plugin if on WordPress or reach out to your developer for some assistance here.
  • Videos from outside sources. Technically related to the above point, but any embedded iframe like Vimeo or YouTube will also be affected by that. Good news is that these services usually default to https these days, so it would most likely be older content.
  • Too many redirects. If your site is based at http with configuration files, and you are trying to force the https, it could loop. The most common solution is to set your site’s base URL to https as well. This is a setting with most CMS-driven sites. In WordPress this is under Settings > General.
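
As an added example (not code from the original post or from the Really Simple SSL plugin), here is a small Python check that finds the hard-coded http assets and embeds described above in a page's HTML, so you know what to fix before forcing https. The sample markup, host names, and function names are constructed for illustration; "passive" items such as images may not be blocked in every browser but still cost the page its clean lock icon.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# tag -> (URL attribute, kind); browsers block "active" mixed content outright.
SUBRESOURCES = {"script": ("src", "active"), "iframe": ("src", "active"),
                "link": ("href", "active"), "img": ("src", "passive"),
                "audio": ("src", "passive"), "video": ("src", "passive")}


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attr, kind = SUBRESOURCES.get(tag, (None, None))
        attrs = dict(attrs)
        if attr is None or not attrs.get(attr):
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # e.g. rel=canonical is a reference, not a fetched asset
        # Resolve relative and protocol-relative (//host/x) URLs against the page
        url = urljoin(self.page_url, attrs[attr].strip())
        if urlsplit(url).scheme == "http":
            self.findings.append((kind, tag, url))


def find_mixed_content(page_url, html):
    if urlsplit(page_url).scheme != "https":
        raise ValueError("mixed content only applies to pages served over https")
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings


# Constructed sample page (hypothetical hosts), not taken from any real site
SAMPLE = """
<link rel="stylesheet" href="http://cdn.example.org/theme.css">
<link rel="canonical" href="http://church.example/">
<script src="//cdn.example.org/slider.js"></script>
<img src="http://church.example/wp-content/uploads/banner.jpg">
<iframe src="http://player.example.net/video/123"></iframe>
<a href="http://old.example.com/">Old site</a>
"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content("https://church.example/", SAMPLE):
        print(f"{kind:8} <{tag}> {url}")
```

Ordinary links (`<a href>`) and protocol-relative URLs are not reported, because neither causes an insecure fetch on an https page.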

You’re not secure

One word of caution: Having an SSL certificate does not mean your site is secure. SSL only protects the connection from your site to the visitor. Your site can still be hacked, phished, or spread malware. That’s not the SSL certificate’s role. Securing your site and server is an entirely separate post that would be specific to your CMS at hand.

In essence, this is about giving some measure of comfort to your site visitors. You want them to trust your church, and a secure website is one small way to build that trust.

Question? Happy to help. You can connect with me on Twitter.

Some resources for other CMSs:


For more help with your church website, join our Courageous Storytellers Membership Site. We have a whole host of resources to help improve your church website, including platform comparisons, helpful plugins, how to choose a host, user experience checklist, and more.

Post By:

Matt Adams

Matt Adams is a full-time web designer for factor1, a digital creative agency located in Tempe, Ariz. He and his wife have twin boys and spend more hours cycling than most sane people can imagine.

One Response to “Web Security: Why Your Church Needs an SSL Certificate”

  • Mark Steinbrueck
    April 28, 2017

    Great post, Matt. Although we offer SSL certificates to our clients, unless the client is doing some type of eCommerce, we really haven’t stressed the importance. Your article has motivated me to reiterate the importance of an SSL certificate to all of our clients.

