Do website forms need to be hosted on SSL?

Does anyone know if forms which require identifiable personal data (name, address etc) need to be hosted on SSL?

Chrome for example will show the user a warning message if there is a form it believes is collecting personal data on an unsecured page. This is likely to become the norm across all browsers.

You have a duty to take all reasonable steps to ensure a users data is kept safe, SSL would be considered a reasonable step, as would encrypting all passwords etc.

As said, it’s not essential, but browsers are strongly pushing us in that direction by gradually ramping up their warning messages for pages containing forms without SSL.

If only there were a similar push to clean up the absolute mess that’s required to set up SSL!



If you are collecting information, then yes, it’s probably a good idea to use SSL for that form. It really just depends on what kind of information you are submitting.

Now if the information you are collecting is not really personal, like a poll, I don’t see why that has to be encrypted.

The problem with all of this push for SSL is that they are pushing falsehoods. Where is this information you are collecting being stored? Is it encrypted or safe? If you are storing information in a text file on the hosting account and you’re using lax security with keeping your scripts/themes/plugins up-to-date, then having the form on SSL doesn’t really accomplish very much. The website can likely be hacked and then reading the text file with all of the information is trivial.

But… it’s much more difficult for Google and all the big tech companies to tell you how to secure that, so they’ll just tell you to use SSL and then the general population thinks everything is safe! If there’s one thing the general population is always for, it’s quick and easy solutions!

I bet if Equifax had been using SSL their website would not have been hacked. Oops!

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.