You’ve got a great domain name, you’ve purchased a good hosting plan and your developers have set up a clean, feature-rich website. Everything looks good and your business is finally online.
That’s great – but that’s not all. If your website, user data and traffic aren’t secured, you jeopardise the credibility of your business, the authenticity of your online presence, the trust your business inspires in customers and the confidence you enjoy from them in return.
Sounds bad? It’s actually much worse.
This is where SSL certificates come to your rescue. A good SSL certificate can solve all these problems, and then some. In this post, we will discuss what SSL certificates are, why business websites must have one and why you should sort out potential HTTPS issues to avoid getting hit by Google penalties.
SSL is the acronym for Secure Sockets Layer. At its heart, SSL is an addition to the basic web protocol (HTTP). If a website is SSL encrypted, you will see a padlock and/or HTTPS (Secure) protocol in the address bar. Here’s an example:
An SSL certificate is a tiny file that establishes, validates and continues to encrypt the exchange of information between the visitor and your server (and vice versa). If you want to learn more about the basics of SSL, we’ve got you covered in this post.
It does sound cliched, but in this age of information, data is enormously valuable. The internet is packed full of people and programs that really, really want to take advantage of the smallest openings, vulnerabilities and weaknesses in websites to distort, hijack and even steal information. Think of SSL as a wall – a wall that keeps your website and customers safe from prying eyes and ears of such bad actors.
That said, let’s go into the technicalities of how SSL works.
Important Update (September 2018): Google insists that SSL should be the norm, not an exception. As an extension of this stance, SSL secure websites will no longer feature the ‘green’ padlock on Google Chrome. The padlock will still be there, but it will be gray in colour, and will imitate the colour scheme of the rest of the URL. Click here to read more about this change.
SSL works exactly like any encryption program or software out there.
The main job SSL has is to protect your website and its visitors. To achieve this, SSL diverts every bit of communication to and from your server through a secure, encrypted channel using sophisticated encryption keys. This communication is decrypted at the user end (the browser) and the data end (the server) with the help of private keys. The process of establishing a secure connection is confirmed with what is called a ‘handshake signal’.
It sounds a tad too complicated, but it really isn’t. Refer to the graphic above to understand the schematics of SSL better.
If your business has online presence, you know how important it is to streamline every bit of it. From your social media to your website, every channel must be adapted to what the people – your potential customers – want.
The people have spoken. They don’t just dislike bad user experience, they positively hate it. They know how to tell ads from content. Many of them know how to block ads – mentally as well as technically. They know how to judge a website’s worth in a heartbeat. And yes, they do instinctively look at the address bar to see if your website has the familiar padlock.
We have rounded up some important reasons why every business website must have an SSL certificate:
Let’s keep every other feature and benefit of SSL aside for a moment and think about you.
Your website is the best online representation of your business. You’ve got a ton of data stored safely and discreetly on your servers. You think that your hosting service provider has got your back. But do you know there are countless (and very easy) ways to access this data as it makes trips around the world?
The most common method – in practice for years – is called the Man in the Middle (MITM) method. The data on your servers has to eventually travel through the network and to the visitor (that’s the entire point of having a website). A ‘bad actor’ – it could be a person, a group of hackers, a program or a cutting-edge bot – can easily intercept, read, alter and use this data any way they please.
An SSL certificate can – in one go – make it virtually impossible for common hackers to execute MITM attacks on your website. In this safe space, you can host your content assets more confidently. And when it comes to creating content that converts, we – at HQ SEO – have your back with a comprehensive range of services. To get in touch with us, click here. You can also find the free proposal form right at the end of this article.
Important: SSL only encrypts the network traffic. It does not ‘protect’ the server-side data. You may want to talk to your hosting service provider and your IT team if you want to add more server-side security.
Let’s now, for a moment, put you in the visitor’s shoes.
You visit a business website and like what you see. You are tempted to perform an ‘action’. It could be anything – from sending the business a message to giving them your contact details, or even placing an order using your credit card. The least you expect from the website, in such cases, is the assurance that this information will be kept confidential and will not be misused.
Courtesy: DLA Piper
The data protection acts and laws are already making sure that people are allowed to be safe online. Mismanagement and mishandling of user data can land website owners in a legal tangle. Having your website SSL encrypted is the logical first step that helps you handle confidential information in a more responsible way.
The conversion rate is a wonderful metric. In many situations, this one number can tell how your website has been performing. Most of your campaigns – from marketing and SEO to lead gen and PR – will ultimately boil down to the number of conversions.
Data Source: Crazy Egg
Even the tiniest of tweaks can make or break your conversion optimisation efforts. Having an SSL certificate is one such tweak that can help you bypass the ‘last click hurdle’ (think of abandoned lead funnels, abandoned carts, abandoned downloads and more). The fact is nobody wants to download a free e-book, request a quote, send over contact details or provide credit card information on a non-secure website.
As visualised above, nearly 50% of regular internet users trust websites that have an SSL certificate. In other words, not having an SSL certificate can hurt your conversion rates beyond measure. If you’re struggling with less-than-satisfactory conversion rates, our conversion rate optimisation service is for you. To get in touch with us, click here.
It’s already been 4 years since Google announced that their ranking algorithm will – sort of – give more weightage to websites that have valid and active SSL certificates. Google even explicitly tells Chrome users if the website they are visiting isn’t secure (see below). This is a red flag even for the uninitiated.
Now that we have enough experience and insight into the matter, we can say that this is more of a passive tactic. Having an SSL certificate does give your SEO a little bump, but it’s not measurable. The whole logic behind treating HTTPS versions of websites with preference is to encourage adoption, fight spam and help users.
Most spam websites don’t have SSL certificates. So, when Google says it wants you to adopt HTTPS, it’s actually making life easier for its crawlers. More importantly, SSL has a direct and positive impact on other user experience metrics such as engagement, bounce rates, pages per session and minutes per session.
Whatever the reasons, all you should take away from this point is that this tiny padlock will keep adding value to your SEO, day in and day out.
If you’re already reading this, you probably don’t need to hear more about the importance of SEO. But the SEO landscape keeps evolving every few months, and if you haven’t been keeping up with it, you are just conceding ground to your competitors. To get a clear vision of the present state of SEO on your website, click here. At HQ SEO, we also provide measurable, effective and end-to-end digital marketing services to complement SEO campaigns. To get in touch with us, click here.
It doesn’t take much for myths to form. Here are three common SSL myths that have been doing the rounds for years:
If you don’t have an SSL certificate live on your website, this is probably the reason.
The fact is, every website that aims to interact with users should have an SSL certificate. Even if you receive no more than 50 unique visitors per day, all of them are still your potential customers, and it’s your responsibility to give them a safe and secure user experience.
Considering the benefits they bring on board, SSL certificates are not at all expensive. The cost depends on the kind of security you want and the traffic your website receives. If you handle financial transactions on your website, you can go for an SSL certificate that offers built-in warranty/insurance. Such certificates typically cost $100 to $400 per year.
Websites that don’t process financial transaction can purchase instant SSL certificates for less than $100 per year. If you don’t want to go that far, you can even get one for free – but I wouldn’t recommend it.
It’s true that having an SSL certificate adds to the load times of a website. This additional lag, however, is so insignificant that it really shouldn’t matter to most websites. Given that a majority of your users will have access to high-speed connections, a lag of 10 to 50 microseconds should never matter.
No. Having an SSL certificate doesn’t mean all the SEO goodwill you have accumulated over months and years goes down the drain. All you have to do is set up an HTTP redirect in the root folder of your website (.htaccess, for example). Remember – you will need to let Google know of this update by making necessary changes in your Search Console.
It all depends on what you expect from the certificate. At the very basic level, all SSL certificates provide similar trust value. If there’s more at stake (financial transactions, for example), you should go with better, more robust options.
There are three major types of SSL certificates you can choose from:
This is the cheapest and the most basic SSL certificate. Most hosting service providers offer these certificates as a part of their hosting plans. It displays the HTTPS protocol but does not display the name of your organisation. Such certificates are domain-specific and issued instantly without any paperwork.
These certificates are similar to DV SSL certificates with one difference – the certificate issuer verifies your right to run the website under the name of your organisation. Very few websites use OV SSL certificates, and they are likely to be phased out in coming years.
This is the highest end of commercially available SSL certificates. These certificates display the name of the organisation alongside the HTTPS protocol to add more trust value to the website. Obtaining an EV SSL certificate is a lengthy process that involves paperwork.
The easiest way to purchase and install an SSL certificate is to approach your hosting service provider.
Every leading hosting company provides SSL certificates at competitive rates. If you want to purchase an SSL certificate on your own, you can base your decision on the following criteria:
To install an SSL certificate, follow the instructions provided by your hosting service provider and certificate issuer. The standard process involves activating the certificate in your hosting account, or uploading it directly to your server. If your certificate didn’t come with instructions, follow this guide or talk to your IT team.
When it comes to safeguarding your business and your customers, nothing should be outside of your agenda.
Trust, as we all know, is the backbone of every successful business. To inspire trust and confidence in people who visit your website, it’s important to get your SSL issues sorted as soon as you can.
Once you have a safe and secure website up and running, it’s time to get the word out. At HQ SEO, we offer a complete range of digital marketing and SEO solutions with measurable and actionable results. From keyword research to general SEO and digital PR to content marketing, we’ve got you covered with our end-to-end services. To get in touch with us, click here. You can also request a free proposal below.