General SEO

Here’s Why You Need to Get HTTPS (SSL) Sorted Today

by Tom Buckland October 30, 2018

You’ve got a great domain name, you’ve purchased a good hosting plan and your developers have set up a clean, feature-rich website. Everything looks good and your business is finally online.

That’s great – but that’s not all. If your website, user data and traffic aren’t secured, you jeopardise the credibility of your business, the authenticity of your online presence, the trust your business inspires in customers and the confidence you enjoy from them in return.

Sounds bad? It’s actually much worse.

This is where SSL certificates come to your rescue. A good SSL certificate can solve all these problems, and then some. In this post, we will discuss what SSL certificates are, why business websites must have one and why you should sort out potential HTTPS issues to avoid getting hit by Google penalties.

 

What is SSL?

SSL is the acronym for Secure Sockets Layer. At its heart, SSL is an addition to the basic web protocol (HTTP). If a website is SSL encrypted, you will see a padlock and/or HTTPS (Secure) protocol in the address bar. Here’s an example:

 

Example of SSL URL with Padlock - HTTPS - HQ SEO

 

An SSL certificate is a tiny file that establishes, validates and continues to encrypt the exchange of information between the visitor and your server (and vice versa). If you want to learn more about the basics of SSL, we’ve got you covered in this post.

 

It does sound cliched, but in this age of information, data is enormously valuable. The internet is packed full of people and programs that really, really want to take advantage of the smallest openings, vulnerabilities and weaknesses in websites to distort, hijack and even steal information. Think of SSL as a wall – a wall that keeps your website and customers safe from prying eyes and ears of such bad actors.

 

That said, let’s go into the technicalities of how SSL works.

Important Update (September 2018): Google insists that SSL should be the norm, not an exception. As an extension of this stance, SSL secure websites will no longer feature the ‘green’ padlock on Google Chrome. The padlock will still be there, but it will be gray in colour, and will imitate the colour scheme of the rest of the URL. Click here to read more about this change.  

 

How Does SSL Work? What Does an SSL Certificate Do?

HTTP vs HTTPS - How Does SSL Work - What Does SSL Do

 

SSL works exactly like any encryption program or software out there.

The main job SSL has is to protect your website and its visitors. To achieve this, SSL diverts every bit of communication to and from your server through a secure, encrypted channel using sophisticated encryption keys. This communication is decrypted at the user end (the browser) and the data end (the server) with the help of private keys. The process of establishing a secure connection is confirmed with what is called a ‘handshake signal’.

It sounds a tad too complicated, but it really isn’t. Refer to the graphic above to understand the schematics of SSL better.

 

Here’s Why Your Business Website Needs SSL

Does My Business Website Need SSL - Importance of SSL

 

If your business has online presence, you know how important it is to streamline every bit of it. From your social media to your website, every channel must be adapted to what the people – your potential customers – want.

The people have spoken. They don’t just dislike bad user experience, they positively hate it. They know how to tell ads from content. Many of them know how to block ads – mentally as well as technically. They know how to judge a website’s worth in a heartbeat. And yes, they do instinctively look at the address bar to see if your website has the familiar padlock.

We have rounded up some important reasons why every business website must have an SSL certificate:

 

A.    First Thing’s First – SSL Keeps Your Website Safe

Let’s keep every other feature and benefit of SSL aside for a moment and think about you.

Your website is the best online representation of your business. You’ve got a ton of data stored safely and discreetly on your servers. You think that your hosting service provider has got your back. But do you know there are countless (and very easy) ways to access this data as it makes trips around the world?

The most common method – in practice for years – is called the Man in the Middle (MITM) method. The data on your servers has to eventually travel through the network and to the visitor (that’s the entire point of having a website). A ‘bad actor’ – it could be a person, a group of hackers, a program or a cutting-edge bot – can easily intercept, read, alter and use this data any way they please.

 

Man in the Middle Attack - MITM Attack - How MITM Works

 

An SSL certificate can – in one go – make it virtually impossible for common hackers to execute MITM attacks on your website. In this safe space, you can host your content assets more confidently. And when it comes to creating content that converts, we – at HQ SEO – have your back with a comprehensive range of services. To get in touch with us, click here. You can also find the free proposal form right at the end of this article.

Important: SSL only encrypts the network traffic. It does not ‘protect’ the server-side data. You may want to talk to your hosting service provider and your IT team if you want to add more server-side security.

 

B.    SSL Also Keeps Your Visitors Secure

Let’s now, for a moment, put you in the visitor’s shoes.

You visit a business website and like what you see. You are tempted to perform an ‘action’. It could be anything – from sending the business a message to giving them your contact details, or even placing an order using your credit card. The least you expect from the website, in such cases, is the assurance that this information will be kept confidential and will not be misused.

 

Data Protection Laws Around the World - HQ SEO

Courtesy: DLA Piper

 

The data protection acts and laws are already making sure that people are allowed to be safe online. Mismanagement and mishandling of user data can land website owners in a legal tangle. Having your website SSL encrypted is the logical first step that helps you handle confidential information in a more responsible way.

 

C.     Leads, Messages and Payments – SSL Helps Conversions

The conversion rate is a wonderful metric. In many situations, this one number can tell how your website has been performing. Most of your campaigns – from marketing and SEO to lead gen and PR – will ultimately boil down to the number of conversions.

 

SSL Certificate Trust Factor for Websites - HQ SEO

Data Source: Crazy Egg

 

Even the tiniest of tweaks can make or break your conversion optimisation efforts. Having an SSL certificate is one such tweak that can help you bypass the ‘last click hurdle’ (think of abandoned lead funnels, abandoned carts, abandoned downloads and more). The fact is nobody wants to download a free e-book, request a quote, send over contact details or provide credit card information on a non-secure website.

As visualised above, nearly 50% of regular internet users trust websites that have an SSL certificate. In other words, not having an SSL certificate can hurt your conversion rates beyond measure. If you’re struggling with less-than-satisfactory conversion rates, our conversion rate optimisation service is for you. To get in touch with us, click here.

 

 

D.    SSL Helps SEO

It’s already been 4 years since Google announced that their ranking algorithm will – sort of – give more weightage to websites that have valid and active SSL certificates. Google even explicitly tells Chrome users if the website they are visiting isn’t secure (see below). This is a red flag even for the uninitiated.

 

HTTPS Website - Not Secure Website Google Chrome - HQ SEO

 

Now that we have enough experience and insight into the matter, we can say that this is more of a passive tactic. Having an SSL certificate does give your SEO a little bump, but it’s not measurable. The whole logic behind treating HTTPS versions of websites with preference is to encourage adoption, fight spam and help users.

Most spam websites don’t have SSL certificates. So, when Google says it wants you to adopt HTTPS, it’s actually making life easier for its crawlers. More importantly, SSL has a direct and positive impact on other user experience metrics such as engagement, bounce rates, pages per session and minutes per session.

 

Whatever the reasons, all you should take away from this point is that this tiny padlock will keep adding value to your SEO, day in and day out.

 

If you’re already reading this, you probably don’t need to hear more about the importance of SEO. But the SEO landscape keeps evolving every few months, and if you haven’t been keeping up with it, you are just conceding ground to your competitors. To get a clear vision of the present state of SEO on your website, click here. At HQ SEO, we also provide measurable, effective and end-to-end digital marketing services to complement SEO campaigns. To get in touch with us, click here.

 

Busting Some Common SSL Myths

It doesn’t take much for myths to form. Here are three common SSL myths that have been doing the rounds for years:

 

SSL Myth #1: Small Businesses Don’t Really Need This

SSL Myth - Small Websites Need SSL - HQ SEO

 

If you don’t have an SSL certificate live on your website, this is probably the reason.

The fact is, every website that aims to interact with users should have an SSL certificate. Even if you receive no more than 50 unique visitors per day, all of them are still your potential customers, and it’s your responsibility to give them a safe and secure user experience.

 

SSL Myth #2: It’s Too Expensive

SSL Myth - How Much Does An SSL Certificate Cost - HQ SEO

 

Considering the benefits they bring on board, SSL certificates are not at all expensive. The cost depends on the kind of security you want and the traffic your website receives. If you handle financial transactions on your website, you can go for an SSL certificate that offers built-in warranty/insurance. Such certificates typically cost $100 to $400 per year.

Websites that don’t process financial transaction can purchase instant SSL certificates for less than $100 per year. If you don’t want to go that far, you can even get one for free – but I wouldn’t recommend it.

 

SSL Myth #3: It Makes Websites Slower

SSL Myth - Does SSL Make Websites Slow - HQ SEO

 

It’s true that having an SSL certificate adds to the load times of a website. This additional lag, however, is so insignificant that it really shouldn’t matter to most websites. Given that a majority of your users will have access to high-speed connections, a lag of 10 to 50 microseconds should never matter.

 

SSL Myth #4: You Lose Out On the HTTP Traffic & SEO

SSL Myth - HTTP Redirect - SEO

 

No. Having an SSL certificate doesn’t mean all the SEO goodwill you have accumulated over months and years goes down the drain. All you have to do is set up an HTTP redirect in the root folder of your website (.htaccess, for example). Remember – you will need to let Google know of this update by making necessary changes in your Search Console.

 

How to Choose the Right SSL Certificate?

It all depends on what you expect from the certificate. At the very basic level, all SSL certificates provide similar  trust value. If there’s more at stake (financial transactions, for example), you should go with better, more robust options.

There are three major types of SSL certificates you can choose from:

 

Domain Validated SSL (DV SSL)

 

DV SSL Example - HQ SEO

 

This is the cheapest and the most basic SSL certificate. Most hosting service providers offer these certificates as a part of their hosting plans. It displays the HTTPS protocol but does not display the name of your organisation. Such certificates are domain-specific and issued instantly without any paperwork.

 

Organisation Validated SSL (OV SSL)

These certificates are similar to DV SSL certificates with one difference – the certificate issuer verifies your right to run the website under the name of your organisation. Very few websites use OV SSL certificates, and they are likely to be phased out in coming years.

 

Extended Validated SSL (EV SSL)

 

EV SSL Example - HQ SEO

 

This is the highest end of commercially available SSL certificates. These certificates display the name of the organisation alongside the HTTPS protocol to add more trust value to the website. Obtaining an EV SSL certificate is a lengthy process that involves paperwork.

 

How to Purchase and Install an SSL Certificate

The easiest way to purchase and install an SSL certificate is to approach your hosting service provider.

Every leading hosting company provides SSL certificates at competitive rates. If you want to purchase an SSL certificate on your own, you can base your decision on the following criteria:

 

  • User reviews
  • Level of security and validity provided
  • Handshake/ping times
  • Price
  • Paperwork assistance
  • Warranty on offer
  • Refund policy
  • Tech assistance
  • Cross-browser compatibility

 

Some of the top SSL providers are GoDaddy, Symantec, SSL.com, GeoTrust, Comodo and Globalsign.

To install an SSL certificate, follow the instructions provided by your hosting service provider and certificate issuer. The standard process involves activating the certificate in your hosting account, or uploading it directly to your server. If your certificate didn’t come with instructions, follow this guide or talk to your IT team.

 

SSL Is Not a Luxury Anymore

When it comes to safeguarding your business and your customers, nothing should be outside of your agenda.

Trust, as we all know, is the backbone of every successful business. To inspire trust and confidence in people who visit your website, it’s important to get your SSL issues sorted as soon as you can.

 

What Now?

Once you have a safe and secure website up and running, it’s time to get the word out. At HQ SEO, we offer a complete range of digital marketing and SEO solutions with measurable and actionable results. From keyword research to general SEO and digital PR to content marketing, we’ve got you covered with our end-to-end services. To get in touch with us, click here. You can also request a free proposal below.

About Tom

Hi, I'm Tom, Founder & Director of HQ SEO. I live and breathe SEO. I hope you enjoy my findings. Interested in SEO?
Let's Connect.

Get More Clicks & Higher Rankings

Get in touch to see how we've helped rank over 100+ clients worldwide, generating tens of thousands of leads and millions in additional revenue using smart inbound marketing strategies.

Get my free proposal

We Help Our Clients Make More Money

Get my free proposal