In today´s post I will share with you some great tips on how to protect your website with an SSL certificate.
I completely understand.
There’s so much jargon out there – you can’t be expected to keep up with all of it.
But I think that these are two terms that you need to become familiar with because they are starting to play an increasingly important role online.
Let me explain.
HTTPS and SSL are the basic components of online security. HTTPS is the secure protocol for securely connecting a browsing device (e.g. PC, laptop, tablet) with a server that hosts the data (e.g. a website).
SSL (Secure Socket Layer) is the certificate installed on the web server to allow a secure connection to be made.
You probably recognize this already – it’s the green browser bar or secure padlock area that you use when you’re making online payments
OK, so far so good.
But most people who have a website might logically answer that as they’re not selling online this doesn’t apply to them – why should they need to secure their website if there’s nothing confidential like credit cards or login credentials?
Whatever your views on them, Google has the power to influence behaviour – on a huge scale.
Think back to their announcement (MobileAggedon) in April 2015 that they would be using mobile friendliness as a ranking factor. All of a sudden everyone was scrambling to get a mobile website built.
Well you can be forgiven (again) for having missed their earlier announcement in August 2014 that HTTPS is also a ranking factor. This is part of their drive for what they refer to as HTTPS Everywhere.
Basically what this means is that they’re encouraging website owners to adopt HTTPS and move away from insecure HTTP.
So the message is clear – Google is starting to favour sites that adopt HTTPS using an SSL Certificate. This is regardless of whether they are selling online or not.
This is what we mean when we talk about ‘Always On SSL’.
So let’s have a look in more depth at this important subject so that you can make an informed decision.
What is SSL?
SSL or secure socket layer is the technology that encrypts the connection between the web browser and the websites so that all the communication between your website and the web browser is encrypted, making it hard for any attacker to intercept it.
You will normally purchase your SSL Certificate from a hosting company or specialist SSL vendor.
There are several steps to install your SSL and you may need to get your hosting company or a Developer to assist you to make the switch.
But once it’s installed you’ll either see the padlock or the full green address bar depending on which SSL Certificate you’ve purchased.
For example, The GlobalSign website home page is SSL encrypted as you can see in the following image
Image 2: GlobalSign SSL encrypted home page
How SSL protects Customers Data
Using an SSL certificate encrypts the connection between the user’s web browser and the web server. What this means is that if a hacker intercepts any data between the connection then the encrypted data will just read as gibberish.
This is useless to them unless it is decrypted back again. This can only be done on the server side where the SSL certificate is actually installed.
The following steps give a high level overview of how the SSL encrypted connections are established:
Step 1: At first The user types the URL https://www.abc123.com
Step 2: The web server receives the request and it replies back with the public key of the SSL certificate to the client. This is called an SSL handshake.
Step 3: The client receives the public key of the server, it encrypts the connection with the server’s public key and it also sends its public key to the server for the verification purposes.
Step 4: The server can now establish encrypted connection between the client (web browser) and the server and will also be able to verify the client (web browser).
The Security Advantages of Always On SSL
There’s no denying the importance of SSL for encrypting your website. It’s the most basic way to prevent hackers intercepting traffic between your visitor’s browser and your website.
But the problem is that nowadays websites have so much functionality and so many features that can be compromised.
Even basic things like uploading posts, sending files via FTP, commenting or even logging in as admin for administrative purposes are all potential areas where a hacker looks to exploit weaknesses.
Let’s face it, hackers don’t publish their modus operandi and for smaller websites they’ll argue that it’s nothing personal – their programs have detected a weakness and they’re just exploiting it.
So the best way to give yourself the basic level of protection is to use Always On SSL so that every URL in your website starts with https:// at the front.
This is what we mean by Always-on SSL.
The Commercial Advantages of Always On SSL
As we mentioned at the beginning, HTTPS is a stated Google ranking factor. That means that if you want to get a high ranking for your website then HTTPS counts in your favour.
But Google takes into account hundreds of factors when determining a website’s position in its rankings and you might be disappointed if you switch to Always On SSL with the expectation of getting a high ranking on that alone.
To demonstrate this, we recently reviewed over 540 UK B2B websites to determine what separated the ‘Best in Class’ websites (i.e. top 3 ranking) from lower ranked websites which typically appear on the 3rd page of Google’s search results.
What we found was that using HTTPS/Always On SSL was not a major factor in a high ranking.
The four most important attributes were having a well optimised website (especially correct use of keywords in metatags and headings), number of Google reviews, number of pages and number of referring domains (i.e. backlinks).
However, there is a caveat when it comes to Always on SSL and that is that we found that very few sites had made the switch. In fact it was between 2 to 3% of the total population.
This would therefore indicate a very low take up for switching to HTTPS. But let’s reiterate that Google has made it clear that the trajectory is for increased online security.
Always on SSL is definitely the direction of travel and it’s not a question of ‘if’ you make the change – it’s when you make the change.
Granted, that ranking advantage may be small now but you can get ahead of the curve by switching now and avoiding the rush.
I mean can you imagine the panic when Google makes a sudden announcement along the lines of non HTTPS sites will be dropped from its rankings in 3 weeks or something.
Now I’m not saying that this is going to happen 100%, but as I say, the direction is clear and it would be a smart move to make the switch as soon as you can.
But aside from the ranking question, there is also the question of consumer confidence. If people come to your website and see that it is unsecured then this may turn them away.
Always On SSL sends out a clear message that you take security seriously and you are a reputable business.
Always On SSL is increasingly becoming the basic price of admission for an online business these days. This applies to both Ecommerce retailers and non Ecommerce businesses alike and has only increased in importance since Google’s announcement that it will start to factor HTTPS as a ranking signal in it’s search algorithm.
Aside from the ranking perspective, Always On SSL clearly demonstrates that you are a reputable business who takes security seriously.
Rather than delay switching it would be wise to make the switch as soon as possible or at least have a plan in place to avoid having your hand forced by a more aggressive Google update.
The bottom line is that adopting Always On SSL means you are future proofing your website.
I hope you found this guide on how to protect your website with SSL useful.
Thanks for reading and leave your questions below to keep the conversation going.