In July 2018, Google announced they would begin marking all sites without an SSL certificate as “not secure.” This identifier allows website visitors to know whether or not their personal information is safe and secure while they’re browsing sites on the internet.
When an SSL certificate is present on a site, the site’s URL will display as ‘HTTPS’ and you’ll see a green lock next to the words ‘Secure’ in the URL window.
HTTPS indicates that the site protects user data and ensures that the user is connected to an authentic site.
Bottom line, Google wants a more secure web and is making HTTPS the standard for all websites going forward.
What is an SSL Certificate?
SSL stands for Secure Socket Layer (SSL). SSL is a security protocol that allows encrypted communication between a web server and internet browser. It encrypts all data transmitted between the server and the user using an encryption key that is placed on the server.
If your website doesn’t have an SSL certificate, then a secure connection can’t be established. This means that the information transmitted is not connected to a cryptographic key.
SSL certificates include the following information:
- Name of the certificate holder
- The certificate’s serial number and expiration date
- A copy of the certificate holder’s public key
- The digital signature of the certificate-issuing authority
How Does SSL Work?
When a visitor navigates to your secure website, your website sends the SSL certificate to visitor’s browser with the key needed to begin a secure session. This initiates the SSL “handshake” and allows for secure transfer of information between your website and browser.
What is HTTPS?
HTTPS stands for Hypertext Transfer Protocol Secure. HTTPS is the secure version of HTTP, the protocol used for communication between your website and the internet browser a visitor is using.
HTTPS means that all communication between your website and the browser being used is encrypted, meaning none of the data from your visitors will be tampered with or forged. When your website is secured with an SSL certificate, HTTPS will appear in your website’s URL.
Three Critical Reasons to Secure Your Website
There are three reasons why switching to HTTPS is critical:
Authentication helps verify ownership of your website. Believe it or not, there are people out there that make replicas of websites and divert traffic in an effort to steal from you.
Most people know that they need to check for the green lock in the URL window before entering personal information into a website. But you can go one step further and verify the SSL certificate to make sure your visitors know their information is safe on your site.
Data integrity is about whether the data on your site has been tampered with while it’s in transit. If someone knows what they’re doing and your website is not secure, they can tamper with the data transmitted from your server back to the client. The contact form a potential client just filled out on your website could go to a hacker and not to you.
Encryption refers to the security of communication between the client and the server so that no one else can read them. This is a key point for commercial websites. While it’s extremely important to encrypt the communications on an ecommerce website, it’s equally important to encrypt the data submitted using forms.
Google Says HTTPS and SSL is a Necessity
Google has confirmed that it uses HTTPS as a ranking signal when showing search engine results. This is a good thing for your business, as it gives you a competitive advantage against businesses who do not have an SSL certificate on their site.
Google also states that if your website does not use HTTPS that not only will your search engine rankings be affected, but your website’s credibility will be affected as well.
In July 2018 Google began displaying the security of the connection in the address bar of Chrome on all website pages, marking all HTTP pages “Not Secure”.
The Cost of an SSL Certificate
The cost of an SSL certificate will depend on your website’s hosting provider, who they buy the certificate through, and the type of certificate they buy. There are three types of SSL certificates:
- Single Domain – This type of SSL certificate is only valid on one domain URL.
- Multi Domain – Also known as a Universal Communication Certificate (UCC) this secures multiple domain names and multiple host names within a domain name. You can set a primary domain and then add up to 99 additional Subject Alternative Names (SANs) in a single certificate. This is great for businesses with multiple sub domains and URLs for different services, product lines or geographic locations.
- Wildcard – This type of certificate is for securing all of the subdomains you may have for a single domain.
When selecting your SSL Certificate, it’s best to consult with your web host, marketing agency, or IT department to make sure you’re selecting the right option for your entire business.
The Process of Switching from HTTP to HTTPS
Switching from HTTP to HTTPS can be a tricky process. There are a few potential issues that can occur, which is why this isn’t considered a quick, DIY project. Here are a few things that need to happen to convert your site from HTTP to HTTPS:
- Find the right SSL certificate for your website
- Install the certificate on your website
- Update the configuration of your website to point to HTTPS instead of HTTP
- Redirect all pages for your HTTP website to the location of the HTTPS site
- Re-verify ownership of your website in Google Search Console and update the sitemap location
- Update your web property’s configuration in Google Analytics
- Test and confirm that the conversion was successful
Keep in mind that while the domain of your website is not changing, the address to get there is. HTTP and HTTPS request your website from two different ports on the web server.
Because of this, your website traffic may drop briefly as Google works to re-index your site. This is also why making sure your HTTP redirects are working is extremely important.
From here, there are a few additional things to consider:
If you have any marketing tools or digital ads pointing to your website, you’ll want to update the URLs they’re pointing to. While redirects will be set up to send HTTP request to the HTTPS URL, it’s still best practice to change them as redirects slow the request time and could decrease visitors and conversions.
Secure Your Website with an SSL Certificate
Securing your website is an absolute must if you want to be competitive online and build trust with your customers. Making the switch sooner rather than later will benefit your website and business exponentially.
More businesses are realizing the value in digital marketing and that to compete online your SEO strategy needs to be more than just the basics. Paying attention to SSL could allow your site to rank higher.