We get it: spending your time and resources out on nitty-gritty tasks (such as protecting your website with SSL) is just one of many items on the to-do list for all business leaders out there. But here’s what you need to know: customers are more savvvy than ever in this day and age; they ‘re also less likely to click on suspicious links or visit dodgy places online. Investing in in your website is a cornerstone of effective digital marketing.
Given this, it is critical that you obtain an SSL certificate for your website, so that your customers can access your website with peace of mind. We know it’s a bit of a hassle, but think about it this way: if your customers don’t believe your website is genuine, how do you expect them to make a purchase, or even convert to a lead?
Article Overview 11min read
We get it: for all the business leaders out there, spending your time and energy on nitty-gritty tasks (such as securing your website with SSL) is just one of many things on your to-do list. But here’s what you need to know: in this day and age, consumers are savvier than ever; they’re also less likely to click on dubious links or visit dodgy sites online. Investing in in your website is a cornerstone of effective digital marketing.
In view of this, it is critical that you obtain an SSL certificate for your website, so that your customers can visit your website with peace of mind. We know it’s a bit of a hassle, but think about it this way: if your customers don’t believe your website is genuine, how do you expect them to make a purchase, or even convert them to a lead?
What is SSL?
If you’re not 100% clear on what SSL is, don’t sweat it—you’re not the only one. In a nutshell, SSL refers to the standard security technology for establishing an encrypted link between a web server and a browser. By using this link, you can be sure that all the data which is passed between your browser and a web server remains private and confidential.
Let’s break this down and explain SSL using a real-life example. Let’s say you’re browsing a marketing blog and you decide to fill in a form to get a copy of the free ebook that they’re offering.
Assuming the website is insecure, a hacker can intercept your data the second you enter your details and submit the form. Now, if you’re simply providing your email address, this might not be a huge deal—but imagine the same thing taking place on an online banking portal, and hackers gain access to your internet banking password or other confidential data.
Now that’s cause for worry, right?
On the other hand, when you visit a website that’s SSL-encrypted, hackers won’t be able to intercept your data.
Here’s how it works:
Your browser forms a web server connexion, and the SSL certificate links your browser and the server (or hostname) of the website together. Since the binding is free, no one will be able to access the information you send to the site (other than you and the website you are looking at!).
We’re not going to go into the details, but as an extra layer of security, even if a hacker were able to access this information, they wouldn’t have the private key necessary to decrypt it.
What is HTTPS?
Now that you’re up to speed with SSL, let’s talk about HTTPS.
HTTPS refers to Hypertext Transport Protocol Security, and sites whose URLs start with HTTPS (as opposed to HTTP) are secured with SSL.
Most web browsers including Chrome, Internet Explorer, and Firefox display a green padlock icon in the address bar to indicate to their users that a HTTPS connection is in effect.
What does SSL have to do with SEO?
SSL has been associated with SEO for a long time now—it was back in 2014 when Google pushed out algorithms which favoured SSL-secured sites for the first time. Back then, SSL only had a small impact on SEO, and while HTTPS websites did experience increases in their rankings, these weren’t anything major.
Subsequently, Google webmaster trends analyst Gary Illyes came out to state that the boost that HTTPS provided might serve as a tie breaker, assuming that all else was equal.
Here’s how he phrases it:
What this means is, if your website and your competitors’ sites are neck-to-neck in all other factors (i.e. loading speed, title tags, quality of content, and all that jazz), then whether your sites are SSL-secured will be the determining factor in which site gets ranked first.
SSL SEO case studies
In a study on search engine ranking factors by Brian Dean, SEMRush, Ahrefs, SimilarWeb, and MarketMuse, it was concluded that HTTPS and higher search rankings were “moderately correlated”. Here’s a visual representation of their findings:
In other words: yes, SSL can help give you that extra edge!
How to get an SSL certificate for your website
First things first: determine what type of SSL certificate you need and how many certificates you need. The types of certificates depend on the level of security that you desire and the size or complexity of your website(s), whereas the number of certificates you need depends on how many websites you have (i.e. one certificate is needed per domain).
A simple SSL certificate would do the trick for the vast majority of business proprietors. But if you have multiple product lines under your belt (each with its own domain and subdomain) then multiple SSL certificates are required.
On top of that, certain industries (such as finance or insurance) come with specific requirements when it comes to SSL certifications—read up on this and make sure you know exactly what type of certificate you need.
How much do SSL certificates cost?
If you’re a startup working with highly limited resources, it’s possible to get a free SSL certificate from platforms such as Let’s Encrypt.
One caveat, though—these certificates have a pretty short lifespan and they expire every 90 days. If you do get a certificate from Let’s Encrypt, be sure to keep an eye on your certificate expiry date, so that you can renew it when necessary.
Otherwise SSL certificates usually cost a few hundred dollars (for several domains) from $50 (for a single domain). The typical certificate will be valid for one to two years, but there are long-term certificates available (although these will of course also be more priced).
Where should you get your SSL certificate from?
The short answer: get your certificate from anywhere but Symantec!
Here’s the backstory: SSL certificates issued by security giant Symantec used to be popular, but late last year, Google declared that it would soon be deprecating Symantec-issued certificates in Chrome. True to its worth, Google started labelling websites with Symantec-issued certificates as unsafe when it pushed out build 66 of Chrome in April 2018.
Upon visiting websites with certificates issued by Symantec, Chrome users will now receive a warning message that states that their connection is not private and that someone may be trying to steal their information.
In order to get to the website, users will have to click on “Advanced” and acknowledge that they would like to proceed despite the site being unsafe. As you might imagine, the multiple warnings would put off most users from clicking through and result in lower traffic for the website.
Here’s where the situation gets tricky: this problem will also affect websites with certifications that are issued by an intermediate organisation, but still use Symantec as their root of trust. This includes but isn’t limited to certificates by Thawte, GeoTrust, and RapidSSL.
Before you purchase an SSL certificate, do some digging and make sure that its root certificate authority doesn’t go back to Symantec!
Installing SSL with WordPress plugins
Did your SSL certificate purchase successfully? Depending on the supplier of certificates, you can need to take on the responsibility of installing the certificate on the website and making sure it displays properly. The good news: if you use WordPress to power your site, then there are different plugins that will help direct you through this process. Read on to learn more!
Really Simple SSL
Really Simple SSL is a user-friendly tool which helps you migrate your website to SSL. Using this plugin, you’ll be able to install your SSL certificates across all your sites and verify that Chrome doesn’t display any warnings that might make your traffic take a hit.
Insecure Content Fixer
Once you’ve installed your SSL certificate, use Insecure Content Fixer to find and fix hard-coded references to HTTP pages.
WP Force SSL
Last but not least, use WP Force SSL to ensure that everyone who visits your page sees the secure version that you’ve set up. This plugin basically forces all your traffic to HTTPS, and ensures that all pages load securely.
BONUS: Free SEO SSL Scanner
If you want to err on the side of caution, check out this free SEO SSL scanner tool by Linksspy.com. Consider this: after analyzing the HTTPS settings of the top 10,000 domains, the team over at AHREFS found that only 10% of these websites has an ideal SSL/HTTPS set up (some were missing canonical HTTPS versions, some were using temporary instead of permanent redirects, and the list goes on.)
Setting up your SSL certification is a very complicated process, so take a few more minutes to make sure your certification is properly configured using the SEO SSL scanner!