SSL Certificate: Why your website might need one now
Starting in January 2017, Google will flag your website as insecure if your website doesn’t have an SSL certificate AND you are in these circumstances:
- If any page of your website requires a password to see (e.g. a page on a member’s area or professional’s area) or
- If your website is an eCommerce site (that requests credit card information via web forms)
- and someone visits it in Google’s Chrome browser (which are 54% of web users)
SSL means Secure Socket Layers. SSL is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook). An SSL certificate is a bit of code on your web server that provides security for online communications. When a web browser contacts your secured website, the SSL certificate enables an encrypted connection. It’s kind of like sealing a letter in an envelope before sending it through the mail.
Without this SSL certificate, starting in January 2017, users are going to get a big warning that tells them your site is “not secure”. This is what the change will look like:
Without a doubt, this will create a negative impression for your web visitors, most of which are already concerned about internet security.
Remember: If you do not either require passwords to use portions of your website or do not request credit card through web forms, there is nothing for you to do or worry about… but that will change eventually – read on.
Google wants every site to have an SSL certificate
This is crucial, and just the beginning of Google’s aim to make the web more secure. Security, they say, has always been “ top priority” for them. Eventually, Google suggests that they “plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.”
Why? Google says in their blog post announcing the change:
Studies show that users do not perceive the lack of a “secure” icon as a warning, but also that users become blind to warnings that occur too frequently. Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria. Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as “not secure,” given their particularly sensitive nature.
How to get an SSL certificate for your website
First, everything is going to be easier if WordPress is powering your website (like all the sites we make). In this case, all you need to do is contact your web host (the company that rents you server space to store and serve your website) and ask them to install an SSL certificate. If you’re not running WordPress, you may run into some issues which we’ll not get into in this post. We are sending all of our clients a special email that includes this blog post and instructions on how we can help them do this. Once you’ve installed an SSL certificate, you’ll get an HTTPS in front of your web domain in the browser URL bar, instead of an HTTP. Do this with your web developer’s knowledge because they will need to perform many tasks once the SSL certificate is in place.
Moving to HTTPS, even before you need to, may boost your SEO
To implement advanced online security, in 2014 – the search giant announced HTTPS as a ranking signal. Further a study of over a million Google search results reveals that HTTPS moderately correlated with higher search rankings on Google’s first page.
Before you get too excited, setting up HTTPS is easy, but correctly converting to HTTPS isn’t a consistent practice, so look before you leap. Switching protocols involves changing your fundamental URL structure, so there is a lot to do on the backend after the certificate is in place, including:
- Crawling your current website and updating all of the links and setting up 301 redirects
- Updating the HTTPS version of your site in your htaccess file, CDN, Google Search Console and Google Analytics
- Testing to see that everything is working the way it should
If you want a full technical run-down on how to convert from HTTP to HTTPS, Neil Patel’s blog post will help you immensely.
Experts advise that making a move just for SEO purposes might not be worth the time and expense (and the risk of screwing it up, which might tank your rankings), but that every new site should now be set up with HTTPS from the word “go”. Also, when Google starts to shame your non-secure site in earnest, there really will be no other choice.