SSL Certificate: Why your website might need one now

Starting in January 2017, Google will flag your website as insecure if your website doesn’t have an SSL certificate AND you are in these circumstances:

  • If any page of your website requires a password to see (e.g. a page on a member’s area or professional’s area) or
  • If your website is an eCommerce site (that requests credit card information via web forms)
  • and someone visits it in Google’s Chrome browser (which are 54% of web users)

SSL means Secure Socket Layers. SSL is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook). An SSL certificate is a bit of code on your web server that provides security for online communications. When a web browser contacts your secured website, the SSL certificate enables an encrypted connection. It’s kind of like sealing a letter in an envelope before sending it through the mail.

Without this SSL certificate, starting in January 2017, users are going to get a big warning that tells them your site is “not secure”. This is what the change will look like:

SSL Security warning

Source: Google – https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html

Without a doubt, this will create a negative impression for your web visitors, most of which are already concerned about internet security.

Remember: If you do not either require passwords to use portions of your website or do not request credit card through web forms, there is nothing for you to do or worry about… but that will change eventually – read on.

Google wants every site to have an SSL certificate

This is crucial, and just the beginning of Google’s aim to make the web more secure. Security, they say, has always been “ top priority” for them. Eventually, Google suggests that they “plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.”

sites without an SSL certificate

Why? Google says in their blog post announcing the change:

Studies show that users do not perceive the lack of a “secure” icon as a warning, but also that users become blind to warnings that occur too frequently. Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria. Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as “not secure,” given their particularly sensitive nature.

SSL certificates look like this in action

Take a look at how sites with SSL will appear. Notice how the LiveseySolar site and the Amazon site both have the lock icon next to their URL in the browser window. This means they have a valid SSL certificate.

How to get an SSL certificate for your website

First, everything is going to be easier if WordPress is powering your website (like all the sites we make). In this case, all you need to do is contact your web host (the company that rents you server space to store and serve your website) and ask them to install an SSL certificate. If you’re not running WordPress, you may run into some issues which we’ll not get into in this post. We are sending all of our clients a special email that includes this blog post and instructions on how we can help them do this. Once you’ve installed an SSL certificate, you’ll get an HTTPS in front of your web domain in the browser URL bar, instead of an HTTP. Do this with your web developer’s knowledge because they will need to perform many tasks once the SSL certificate is in place.

Moving to HTTPS, even before you need to, may boost your SEO

To implement advanced online security, in 2014 – the search giant announced HTTPS as a ranking signal. Further a study of over a million Google search results reveals that HTTPS moderately correlated with higher search rankings on Google’s first page.

Brian Dean found that HTTPS is moderately correlated with higher search rankings on Google’s first page.

Before you get too excited, setting up HTTPS is easy, but correctly converting to HTTPS isn’t a consistent practice, so look before you leap. Switching protocols involves changing your fundamental URL structure, so there is a lot to do on the backend after the certificate is in place, including:

  1. Crawling your current website and updating all of the links and setting up 301 redirects
  2. Updating the HTTPS version of your site in your htaccess file, CDN, Google Search Console and Google Analytics
  3. Testing to see that everything is working the way it should

If you want a full technical run-down on how to convert from HTTP to HTTPS, Neil Patel’s blog post will help you immensely.

Experts advise that making a move just for SEO purposes might not be worth the time and expense (and the risk of screwing it up, which might tank your rankings), but that every new site should now be set up with HTTPS from the word “go”. Also, when Google starts to shame your non-secure site in earnest, there really will be no other choice.

2018-01-24T17:02:39+00:00By |Categories: Step 1: Getting more leads|Tags: , , , , , |Comments Off on SSL Certificate: Why your website might need one now

About the Author:

Rod Solar is the Director of Practice Development Consulting of LiveseySolar, a healthcare marketing and sales training company. Rod has created successful and engaging training systems for over 25 years. His advice routinely generates 6-figure incremental increases in income for his clients by teaching them how to systematically improve customer service while increasing sales at the same time. His training offers an elegant (and fun) step-by-step conversational approach which benefits surgeons, practice managers, hospital staff, and non-medical staff working in private healthcare settings. Rod wrote and delivered the Business Development, Clinical Governance and Medicolegal Issues module for the University of Ulster’s Postgraduate Diploma in Cataract and Refractive Surgery (Theory) - PgDip. He is a regular presenter at the European Society of Cataract and Refractive Surgeon’s Congress Practice Development Programme and has regularly published articles about healthcare marketing in The Ophthalmologist, Optician, European Ophthalmology News, Cataract & Refractive Surgery Today, Eurotimes and Independent Practitioner Today. Rod has been a professional salesperson (B2B and B2C), management consultant, college lecturer, an industry leader, and executive coach. His clients include Optegra, EuroEyes, ZEISS, Moorfields Private, London Vision Clinic, Thiele, and many other high-quality, private Ophthalmology clinics from the UK, Europe, USA, Canada, and the Middle East. Rod has a degree in Psychology and Human Performance from UBC. He lives in London, UK and you can follow him on Twitter: @rodsolar.