What Is SSL & Why Is It Important?
SSL (Secure Sockets Layer) (aka. HTTPS) is all about making the Internet a safer place to browse, but the benefits of implementing a SSL certificate go beyond security.
The https in your browser address bar shows when a website contains a SSL certificate; meaning the browser has an encrypted connection to the server hosting the files of the website. Therefore, information passed over that website is more secure from people spying. It’s not totally secure, but it provides a solid industry approved level of security. Google and others are pushing hard for it’s adoption, and when happens good thins come to those who take advantage.
Benefits of SSL
- Trust – Buyer Perception of Brand
- Rankings Boost
- Faster Loading
First and foremost, the SSL certificate signals to your website visitors that they have an encrypted connection to your website. This is especially important if you’re selling directly with eCommerce, or when sensitive information is being passed through the browser.
Of course, having a “Not-Secure” website has tremendous impact on trust and the perception of the brand. Back in late 2016, Google announced that they would be changing the appearance of the Chrome browser search bar to show when a visitor has a “Secure” or “Not-Secure” connection (other browsers have also made similar changes). Google intends to move to an even more blunt warning that pages are “Not-Secure,” including placing the text in red. That change can have an even larger impact on the ability to convert a purchase, let alone trust in the brand. Understanding the security risks of Internet use should continue to grow over the years, and these incremental changes are pushing the needle.
To sweeten the deal, Google also announced that they are giving a mild rankings increase to SSL (https) websites. This is especially important reason to convert if you are in a competitive market and your competitors are not using SSL! Though the ranking increase is mild, they have the ability to tweak that and increase it whenever they want. It’s important to be on the boat when it leaves the dock — if you catch my drift.
Another lesser know benefit is that https websites tend to load slightly faster than http. In the age of fast, secure, and mobile that’s important. So this is another good reason to jump on the wagon. Here’s a good website to try out the difference in https and non-https speed.
Get started with SSL
You’ll need to purchase a SSL certificate from your domain or host provider (though I have heard there are free ones available but you may have to jump through hoops). There are different certificates available like “wildcard” that allow you to implement on domains with multiple sub-domains, and then there are basic certificates, and more advanced ones ( if you want to include your company name in the browser bar be prepared to pay for that).
After you’ve selected and purchased your certificate, you’ll need to do a bit of setup to install it correctly. I should note here that often (too often!) I see incorrect setup of the certificate. The main thing to remember is that all versions of your website should point to your preferred version! So the following should all 301 redirect to your preferred domain; let’s use an example of my lab project with my preferred domain of https://discgolfdojo.com. That means all of the following are 301 redirected (usually handled in a htaccess file) to that version:
If you use WordPress, there is a great plugin that streamlines this process for you, aptly called Really Simple SSL. Don’t sleep on testing your preferred domain versions. Otherwise, you’ll end up with duplicate content as there will be multiple versions of your website, or your visitors will get the dreaded screen of death (a big white page with a big warning that says the page is un-secure – super bad!). The final step is to add all versions to Google Search Console and signal your preferred domain version.
Good luck, and here are some more resources from Google:
The new SSL practices that are used by google work very well from the perspective of the websites selling product or services, but seem to be an added expense for those non-business type of sites. Whether it be a blog site or just an information driven site. Sometimes people will avoid what is otherwise harmless due to the scary “this website is insecure” message that we see from the google browsers.
Your thoughts on this?
I agree, and not just on expense but on implementation time as well (some setups have been a lot harder than others). However getting people used to encryption is probably a good idea for the long term. It would be a nice to have a pass through for non-collector/ info-only sites.