SSL or Secure Sockets Layer is a level of protection most websites in 2018 should have. SSL can be seen by the green padlock & secure note when on Google Chrome.
Security & especially cyber security is currently in the news with multiple massive billion pound companies getting hacked on what seems like a weekly basis. Today HQ SEO are not going to dive in depth into cyber security but we are going to talk about the importance of having SSL installed and most importantly working on your site. Below are our 4 strongest recommendations when it comes to SSL & HTTPS.
Furthermore, we are going to outline the various differences between getting a paid for SSL or using a free service such as Let’s Encrypt or Cloudflare.
Table of Contents
SSL is the very backbone of your security. What it does is protect your sensitive information as it travels around through the virtual world. It is essential in protecting your websites, regardless if there is sensitive information or not. You want it because it will provide you with privacy, data integrity and critical security for both your users personal information and that on your website.
There is one primary reason why SSL is used on many websites around the world and for many websites, it keeps all sensitive information encrypted so that only the person it is intended for can access it. As information travels through the internet, it has to stop by multiple computers before making it to the server. When it does this, each of those computers (could number into the hundreds) have access to your sensitive information if you do not have an SSL certificate.
If you have an eCommerce store or sell anything directly from your website and don’t have an SSL certificate set-up and established you’ll be losing potentially all knowledgeable people from your store. Luckily only around 1 in 25 eCommerce stores don’t have SSL’s properly installed on their site.
The problem relates to other websites. Based on a split test of data from companycheck, 100 randomly selected businesses between 1-10 million a year in revenue – 42% DIDN’T have SSL’s set-up correctly. That’s 42 out of 100 UK based 7 figure companies are missing this incredibly important element! So why’s it so important from a security point of view?
The primary reason SSL’s & HTTPS is so important is in relation to sensitive information. Although payment information is the obvious type that springs to mind, any personal data that needs to be encrypted over the web also needs an SSL to enable this. User’s now are starting to become more knowledgeable about this to, which brings us onto point 2.
Unsecured sites lack trust in the eyes of the users. Personally if I’m using an unsecured site I’ll never enter any personal information including and especially payments and passwords, but also as far as any generic personal data about myself.
Many users are now seeing sites that can’t take that one small step to be a secured site they may not be able to deliver or be trusted in the specific offering they are in-fact trying to sell/talk about. SSL is such a small time & money investment it really should be made as the increased trust the site will achieve from having this will easily pay for any small costs upfront.
A more technical element to remember from an organic search point of view is to 301 redirect non secured (http) versions of the site to the secured (https) versions.
Also remember to redirect the www. version as well. This would be the http://www. version of the site. Any developer or digital marketing expert should be able to implement this for you.
Having a secured site is in fact a Google ranking factor, meaning if you have this in place you’ll not only increase security, improve trust but you’ll also rank higher in Google as a result of implementing these changes.
As mentioned SSL’s and having a secured site improves organic rankings, but it also improves rankings indirectly as a result of user experience. For example having a lower bounce rate, higher time on site as a result of higher trust signals will indirectly improve the ranking of the site long term. This is due to Google using more user experience metrics in their algorithm moving forward.
In today’s age where fraudulent hackings are occurring on a regular basis, website owners and online users are becoming more concerned about their security and that of their information. As you can tell from the information above, SSL has become a prerequisite for all who use the internet.
There are two types of SSL, a free one and a paid one.
Since there are two options, you want to be sure you are making the right choice for you. First, you need to know what each of the different types of SSL certificates are before you can decide.
This SSL certificate is as the name says, free. That means there is no price tag attached to this one. Why do they make free SSL certificates? The free certificates are so that you can access HTTPS regardless if you have a budget for it or not.
There are two types of free SSL certificates. There is the “Self-signed certificate†and the Certificate authorities own. The first is a certificate that is signed by the issuer themselves. The latter is the one signed by the certificate Authorities.
Though these certificates are free, they do provide the same level of encryption as the paid ones do.
These certificates come with a price tag and are issued and signed by a trustworthy certificate authority. You can get them directly from the Certificate Authorities website or from any of their 3rd party resellers. Again, the encryption level is the same.
Since both the free and paid SSL certificates provide the same level of encryption, you are going to want to find out why you should pay for one if there is a free version.
In order to make the right decision regarding getting an SSL certificate for your website, you need to know what defines them and what sets them apart. For that, you need to know what the differentiators mean.
When you pay for an SSL certificate, you are getting round the clock support from the provider. You will be able to choose the type of support you want from email to live chat. When it comes to the free version of the SSL certificates, there is no support offered at all. If you ever need help with your free SSL certificate, you are going to have to put up the time to search for answers on your own.
With the free certificates, there is no indication that your website or information is SSL certified. Therefore, users go to your site at their own risk. However, when you use a paid SSL certificate, there are indicators that show that your site is secure. These indicators can be shown by the green padlock you saw at the beginning or a green address bar. Furthermore, you might be able to have a better site seal that provides authentication of your SSL certificate. What it comes down to is letting your customers know that your site is safe or just letting them chance it.
Since free SSL certificates only come with a Domain Validation option, you might not feel that is enough. Domain Validation is only used for basic authentication levels and are generally used for small websites or blogs. However, if you have a larger organization that takes payments or ecommerce stores, you want to have the Organization Validation or Extended Validation certificates. These are best used for online stores, services that can be paid online and the like.
All free SSL certificates come with a 30-90-day validation. As a result, you must spend more time by renewing your SSL certificate within that time period. However, if you choose the paid SSL certificates you can have it issued for as little as a year to a maximum of 2 years before you need to worry about renewing it.
In the event of anything going wrong with your free SSL certificate, you are on your own. With the paid certificates, you get a warrantee that can pay out anything between 10k and 1.75 million. All paid certificates are backed by warrantees. Therefore, if you experience a catastrophic event, like a failure of their PKI for example, you will be backed up by the warrantee. No paid SSL certificate, no back up in the event of something going wrong.
The only thing that is validated when issuing an SSL certificate that is free is the identity of the website owner. Nothing else will be validated. However, when you have a paid SSL certificate, verification of the owner is a must in order to receive that certificate. If you have an Organization Validation or an Extended Validation, there will be a more detailed validation of your business before the Certificate Authority will issue you a certificate.
Choosing the SSL certificate, you want for your website can come down to the various differentiators that set the free and paid versions apart. If you have a small business or blog online, then you might consider the free version.
However, if you have an online store or accept payments or personal details through your website, you will want the paid version. Reading through the various differences between the two can tell you why.
Ultimately, you want to build a level of trust with your visitors, this can be accomplished more easily when you choose to purchase your SSL certificate. Since everyone is concerned about security breaches and their personal information going public, its always a good idea to make your visitors feel comfortable to come to your website through the obvious indicators that show you are SSL certified.
SSL’s are relatively easy to set-up on a site and the benefits of having them installed from both an onsite SEO point of view and a user experience/safety aspect is huge. Any designer or developer should easily be able to install the certificate working with the hosting company where your site is hosted.
In the future Google & other web browsers will start to crack down on sites that are not secure, meaning this simple completion may cause your business to lose both customers or clients through lack of trust, as well as lost rankings and sales in the long term through lower organic rankings.