SSL Certificate: Why your website might need one now
Starting in January 2017, Google will flag your website as insecure if your website doesn’t have an SSL certificate AND you are in these circumstances:
- If any page of your website requires a password to see (e.g. a page on a member’s area or professional’s area) or
- If your website is an eCommerce site (that requests credit card information via web forms)
- and someone visits it in Google’s Chrome browser (which are 54% of web users)
SSL means Secure Socket Layers. SSL is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook). An SSL certificate is a bit of code on your web server that provides security for online communications. When a web browser contacts your secured website, the SSL certificate enables an encrypted connection. It’s kind of like sealing a letter in an envelope before sending it through the mail.
Without this SSL certificate, starting in January 2017, users are going to get a big warning that tells them your site is “not secure”. This is what the change will look like:
Without a doubt, this will create a negative impression for your web visitors, most of which are already concerned about internet security.
Remember: If you do not either require passwords to use portions of your website or do not request credit card through web forms, there is nothing for you to do or worry about… but that will change eventually – read on.
Google wants every site to have an SSL certificate
This is crucial, and just the beginning of Google’s aim to make the web more secure. Security, they say, has always been “ top priority” for them. Eventually, Google suggests that they “plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.”
Why? Google says in their blog post announcing the change:
Studies show that users do not perceive the lack of a “secure” icon as a warning, but also that users become blind to warnings that occur too frequently. Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria. Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as “not secure,” given their particularly sensitive nature.
How to get an SSL certificate for your website
First, everything is going to be easier if WordPress is powering your website (like all the sites we make). In this case, all you need to do is contact your web host (the company that rents you server space to store and serve your website) and ask them to install an SSL certificate. If you’re not running WordPress, you may run into some issues which we’ll not get into in this post. We are sending all of our clients a special email that includes this blog post and instructions on how we can help them do this. Once you’ve installed an SSL certificate, you’ll get an HTTPS in front of your web domain in the browser URL bar, instead of an HTTP. Do this with your web developer’s knowledge because they will need to perform many tasks once the SSL certificate is in place.
Moving to HTTPS, even before you need to, may boost your SEO
To implement advanced online security, in 2014 – the search giant announced HTTPS as a ranking signal. Further a study of over a million Google search results reveals that HTTPS moderately correlated with higher search rankings on Google’s first page.
Before you get too excited, setting up HTTPS is easy, but correctly converting to HTTPS isn’t a consistent practice, so look before you leap. Switching protocols involves changing your fundamental URL structure, so there is a lot to do on the backend after the certificate is in place, including:
- Crawling your current website and updating all of the links and setting up 301 redirects
- Updating the HTTPS version of your site in your htaccess file, CDN, Google Search Console and Google Analytics
- Testing to see that everything is working the way it should
If you want a full technical run-down on how to convert from HTTP to HTTPS, Neil Patel’s blog post will help you immensely.
Experts advise that making a move just for SEO purposes might not be worth the time and expense (and the risk of screwing it up, which might tank your rankings), but that every new site should now be set up with HTTPS from the word “go”. Also, when Google starts to shame your non-secure site in earnest, there really will be no other choice.
Meet our Founders
Founder & Fractional CMO
Rod co-founded LiveseySolar and acts as a Fractional CMO for our customers. He’s on a mission to help transform the lives of 10,000 people with vision correction surgery by 2024. To achieve that, he inspires his customers to make confident decisions that will help 50,000 people take the first step towards vision correction.
LiveseySolar completely transformed the way we were approaching this… We’ve gone from having just the dream of having a practice to having a practice up and running with people making inquiries and booking for procedures… It’s extremely pleasing. We feel lucky we connected with LiveseySolar.
— Dr Matthew Russell, MBChB, FRANZCO, specialist ophthalmic surgeon and founder of VSON and OKKO
Founder & CEO
Laura Livesey is the co-founder & CEO of LiveseySolar. She has developed powerful refractive surgery marketing systems that increase patient volumes and profits for doctors, clinics, and hospitals, since 1997.
Rod and Laura know as much about marketing surgery to patients as I know about performing it. They are an expert in the field of laser eye surgery marketing. They know this industry inside out. I believe that they could help many companies in a variety of areas including marketing materials, sales training and marketing support for doctors.
— Prof. Dan Reinstein, MD MA FRSC DABO, founder of the London Vision Clinic, UK