Sucuri Partners with Let’s Encrypt to Offer Free SSL Certificates to All Customers


Sucuri, a website security company that specializes in securing WordPress (and other CMS) sites, announced that SSL certificates are now available at no cost to all customers who make use of the company’s firewall. As a sponsor of the Let’s Encrypt initiative, Sucuri joins Automattic as one of the first companies to fully automate free SSL Certificates for all customers. The company has also enabled the new HTTP/2 protocol by default, which offers significant performance advantages compared to raw HTTPS.

Unlike, which does not allow users to disable encryption, Sucuri offers a “No HTTPS” option which will force all traffic to be redirected to HTTP. Customers can also select from partial SSL, full SSL, and Custom SSL (where they can use their own certificates).

Despite their sponsorship of the Let’s Encrypt initiative, Sucuri’s founders emphasized that SSL support is not a magic wand that instantly makes your website secure, since it only protects information transferred between the browser and web server.

“Even though we are providing SSL certificates to all our clients, we don’t subscribe to the idea that every website needs HTTPS enabled,” Sucuri CTO Daniel Cid said. “The idea that this makes for a more secure web is inaccurate.”

Cid and co-founder Tony Perez share a perspective tempered by years of experience fixing hacked websites. The majority of compromises come through brute force attacks, software vulnerabilities, and DDOS attacks.

In a post titled HTTPS Does Not Secure Your Website, Sucuri CEO Tony Perez identified three general instances where SSL is essential: when transferring personal identifiable information, transaction data in e-commerce, and other sensitive data. Outside of these scenarios, HTTPS is not as critical.

“I have no doubt that HTTPS will continue to grow in popularity,” Perez said. “What I take exception to is when technology professionals say that one of the driving factors for HTTPS is it’ll secure your website, because it won’t.”

Sucuri only recommends HTTPS for customers who are already taking security seriously and want to add protection for data in transit. The company suggests putting more basic security measures in place first – keeping your software updated, implementing intrusion detection, getting code reviews, and storing passwords securely.


7 responses to “Sucuri Partners with Let’s Encrypt to Offer Free SSL Certificates to All Customers”

  1. I do agree with Daniel Cid when he says that, “not everyone needs HTTPs enabled.” However I still recommend to all of my clients who are participating in an SEO campaign that they do install an SSL. The slight preference that Google gives to SSL websites is worth the investment alone.


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: