Why your website should be SSL certified.
For my first Insight Blog, I thought I’d choose a topic that seems to be gaining heat each week at the moment. SSL Certificates!
We recently made the decision to use an SSL certificate on each new site we build and host, previously we were a little more selective. There were a number of reasons behind this shift in attitude such as; Security, Trust, Google Rankings etc – we’ll explore those later in this article - but one thing that stood out and made us implement this change in thinking was a message we received from Google.
The message which we received via the Search Console was titled “Chrome will show security warnings on [domain]”. The email goes on to explain how from October 2017, the Google Chrome browser will show a ‘NOT SECURE’ warning in the browser for certain pages of a site we manage for a client.
The pages Google highlighted in this warning email were collecting Email Address information (as well as other data) from prospective customers. The email goes onto say ‘The new warning is part of a long term plan to mark all pages served over HTTP as ‘NOT SECURE’.
For us this was a game changer (certainly the last part of the message). The last thing we wanted was websites we were building and managing to be showing a ‘NOT SECURE’ message.
So whether your site is just there for information, or does collect any kind of data, we would strongly recommend running your site via the HTTPS protocol to avoid this warning in future.
What is an SSL Certificate?
An SSL (secure sockets layer) certificate is an additional layer of security to ensure the data passed between a website server and the clients’ web browser is secure and encrypted. Should someone be ease dropping on the data being sent from a server, or your own internet connection, the data passed via a non-secure connection would be easily viewable, this can lead to insecure Admin Systems, and in a worst case scenario can expose your Address and Payment Details.
The data passed via HTTPS is encrypted and completely secure, in that it would be impossible for a hacker to retrieve anything of note from the data that is being passed around.
How does an SSL Certificate work?
I don’t want to get too technical here, but essentially the process involves creating a ‘Certificate Signing Request’ on the web server, this in turn creates a pair of keys, one private and one public. The public key is used to encrypt (or lock) the sensitive information and the private key is used to decrypt (unlock) the information. The end result is that the all important data transferred between your browser and the web server is fully encrypted and secure.
Why do I need it?
There are a number of good reasons to use an SSL Certificate, they differ in importance depending on the type of site or content you manage, we’ve looked a few of the key reasons below.
As we’ve already touched on, the data sent over the standard HTTP protocol isn’t secure. For most browsing activities this isn’t much of an issue, but if your site collects any kind of information from your users that you wouldn’t want to make public, then securing this data is a must.
Our view is that sites delivered over the secure protocol are deemed more trustworthy by users. It shows the user that you care about their personal information and take your data protection responsibilities seriously.
Then there is the issue mentioned previously about your site being ‘NOT SECURE’, having this shown to your users simply because you ask for a name / telephone number for a call back request is surely going to be a conversion rate killer.
If the browser said nothing or made no mention of security, most users wouldn’t think twice about it, but having what is essentially a big red flag (not literally) at the top of your site, should be a worry to all site managers.
Google announced back in 2014 that running your site via an SSL 2048-bit key certificate would give you’re site a minor rankings boost… There is little evidence to support the kind of increases sites might expect or have received, but it’s fair to say Google wouldn’t announce this if there wasn’t something in it. I wouldn’t expect a huge turn around in traffic just because you’re now secure, but it certainly won’t hurt (if done correctly).
There are other factors from an SEO point of view to consider. Let’s take an example where your site and your competitors sites are very similar, but you host via SSL, this would surely give users more confidence in your service.
Likewise, when deciding on which link to select from Google after searching, it stands to reason that your site link (showing HTTPS) will be more desirable. Going forward, as more and more sites become secure, those that aren’t will stand out for all the wrong reason.
Is it worth it?
We think so… The cost is relatively low (£50 per year via GoDaddy, but can be lower elsewhere) and with Google clamping down more on non secure websites, there will be a time in the future where people simply won’t visit or convert on sites that aren’t using SSL.
As with the ‘mobile friendly’ revolution that happened a few years ago, it’s better to be ahead of the curve than fighting to catch up your competitors who may have already implemented this.
Are there any risks?
The main risk is that if not managed correctly, the process of moving your site from HTTP to HTTPS can actually do more damage than good where Search Engines and your users are concerned.
Certainly in the immediate aftermath of changing protocol… For example, you need to ensure that all HTTP links redirect to their HTTPS equivalent, if you typed http://sf.media directly into your address bar and hit GO, it would redirect you to https://sf.media.
The same applies to each page within our site, missing this critical step can mean links to your site stop working and your hard fought search engine rankings are harmed, resulting in less traffic.
It’s also important to tell Google that your site has changed; this is done via the Search Console (previously known as Webmaster Tools).
It would involve submitting a new site via the HTTPS version, verifying that particular site and re-submitting sitemap data. We also recommend requesting that Google crawls your site via its secure address.
Can you make my site Secure?
We certainly can… We wouldn’t recommend anyone to move there site to HTTPS unless they know what they are doing and aren’t quite technically savvy with regards website hosting and managing a sites online presence.
SF Media can help you get that all important ‘secure’ message showing in your browser. Just get in touch with our web development team and we’ll be happy to talk you through the process and help with all the behind the scenes bits that make the real different between and successful and unsuccessful transition.