Should SSL be used in purely informative page

Question

What are the reasons to using ssl in purely informative wordpress page?

Possible duplicate of [Should a site have SSL if it doesn't have a login form?](https://security.stackexchange.com/questions/38832/should-a-site-have-ssl-if-it-doesnt-have-a-login-form) or [Why do websites use HTTPS when they don't need to?](https://security.stackexchange.com/q/52856) or [Have a HTTP or HTTPS website?](https://security.stackexchange.com/q/137111) — AndrolGenhald, Apr 24 '19 at 18:05

score 0 · Answer 1 · answered Apr 24 '19 at 17:55

Authentication

Authentication helps verify ownership of your website. Believe it or not, there are people out there that make replicas of websites and divert traffic in an effort to steal from you.

Most people know that they need to check for the green lock in the URL window before entering personal information into a website. But you can go one step further and verify the SSL certificate to make sure your visitors know their information is safe on your site.

Data Integrity

Data integrity is about whether the data on your site has been tampered with while it’s in transit. If someone knows what they’re doing and your website is not secure, they can tamper with the data transmitted from your server back to the client. The contact form a potential client just filled out on your website could go to a hacker and not to you.

Encryption

Encryption refers to the security of communication between the client and the server so that no one else can read them. This is a key point for commercial websites. While it’s extremely important to encrypt the communications on an ecommerce website, it’s equally important to encrypt the data submitted using forms.

for more details click here

Google Says HTTPS and SSL is a Necessity

Google has confirmed that it uses HTTPS as a ranking signal when showing search engine results. This is a good thing for your business, as it gives you a competitive advantage against businesses who do not have an SSL certificate on their site.

Google also states that if your website does not use HTTPS that not only will your search engine rankings be affected, but your website’s credibility will be affected as well.

In July 2018 Google began displaying the security of the connection in the address bar of Chrome on all website pages, marking all HTTP pages “Not Secure”.

EV has been shown to be mostly useless several times. – AndrolGenhald Apr 24 '19 at 18:03 — AndrolGenhald, Apr 24 '19 at 18:03

score 0 · Accepted Answer · answered Apr 24 '19 at 17:58

SSL/TLS serves several purposes:

Preventing somebody from eavesdropping the connection between client and server. You might not consider this necessary for a basic information page, but would
Adding authentication (i.e. confirming that example.com is who they claim to be). If the common name in the cert doesn't match the address, most clients will refuse to go any further unless you manually instruct them to.
Providing a way to guarantee that the connection hasn't been tampered with (e.g. somebody hasn't injected malware or performed a man-in-the middle attack)

The first one might not matter too much - example.com doesn't default to HTTPS, since it is a purely informational domain - but the other two do. Do you really want your visitors to think they're on a dodgy site?

Those are the basic reasons. Scott Helme has a blog post about this here, with some more examples (how it might help performance, search engine rankings, etc.): https://scotthelme.co.uk/still-think-you-dont-need-https/

Should SSL be used in purely informative page

2 Answers2