To SSL Or Not To SSL: What Every Business Should Know

Security is one signal that Google uses to decide if your website should reach the top of rankings. Here's the lowdown on what SSL is and how it relates to your website's success.

We get it: for all the non-techie business owners out there, spending your time and energy on nitty-gritty tasks (such as securing your website with SSL) is the last thing you want to do. But here’s what you need to know: in this day and age, consumers are savvier than ever; they’re also less likely to click on dubious links or visit dodgy sites online. 

Bearing this in mind, it’s important for you to get an SSL certificate for your website, so that your customers can browse your website with peace of mind. We know it’s a bit of a chore, but think of it this way: if your customers don’t trust that your website is legit, how can you expect them to make a purchase, or even convert to a lead?

 

What is SSL?

If you’re not 100% clear on what SSL is, don’t sweat it—you’re not the only one. In a nutshell, SSL refers to the standard security technology for establishing an encrypted link between a web server and a browser. By using this link, you can be sure that all the data which is passed between your browser and a web server remains private and confidential.

Let’s break this down and explain SSL using a real-life example. Let’s say you’re browsing a marketing blog and you decide to fill in a form to get a copy of the free ebook that they’re offering. Assuming the website is insecure, a hacker can intercept your data the second you enter your details and submit the form. Now, if you’re simply providing your email address, this might not be a huge deal—but imagine the same thing taking place on an online banking portal, and hackers gain access to your internet banking password or other confidential data. Now that’s cause for worry, right?

On the other hand, when you visit a website that's SSL-encrypted, hackers won’t be able to intercept your data. Here’s how it works: your browser forms a connection with the web server, and the SSL certificate binds your browser and the website’s server (or hostname) together. Because the binding is secure, no one (other than you and the website you're looking at!) will be able to access the information which you submit to the site. We’re not going to go into the details, but as an extra layer of security, even if a hacker were able to access this information, they wouldn’t have the private key necessary to decrypt it.

 

What is HTTPS?

Now that you’re up to speed with SSL, let’s talk about HTTPS.

HTTPS stands for Hypertext Transfer Protocol Secure, and sites whose URLs start with HTTPS (as opposed to HTTP) are secured with SSL. Most web browsers, including Chrome, Internet Explorer, and Firefox, display a green padlock icon in the address bar to indicate to their users that an HTTPS connection is in effect.

 

What does SSL have to do with SEO?

SSL has been associated with SEO for a long time now—it was back in 2014 when Google pushed out algorithms which favoured SSL-secured sites for the first time. Back then, SSL only had a small impact on SEO, and while HTTPS websites did experience increases in their rankings, these weren’t anything major.

Subsequently, Google webmaster trends analyst Gary Illyes came out to state that the boost that HTTPS provided might serve as a tie breaker, assuming that all else was equal. Here’s how he phrases it: “With the HTTPS ranking boost, it acts more like a tiebreaker. For example, if all quality signals are equal for two results, then the one that is on HTTPS would get … or may get … the extra boost that is needed to trump the other result.”

What this means is, if your website and your competitors’ sites are neck and neck in all other factors (i.e. loading speed, title tags, quality of content, and all that jazz), then whether your sites are SSL-secured will be the determining factor in which site gets ranked first. In other words: yes, SSL can help give you that extra edge!

NOTE: According to Search Engine Land, as of July 2018, Google Chrome will mark all sites without an SSL certificate (non-HTTPS) as “non-secure”, meaning that upon entry, a visitor will be shown a warning page.

 

SSL SEO case studies

In a study on search engine ranking factors by Brian Dean, SEMRush, Ahrefs, SimilarWeb, and MarketMuse, it was concluded that HTTPS and higher search rankings were “moderately correlated”. Here’s a visual representation of their findings:

[Image from Backlink.com]

 

How to get an SSL certificate for your website

First things first: determine what type of SSL certificate you need and how many certificates you need. The types of certificates depend on the level of security that you desire and the size or complexity of your website(s), whereas the number of certificates you need depends on how many websites you have (i.e. one certificate is needed per domain).

For the vast majority of business owners, a standard SSL certificate will do the trick. But if you have multiple product lines under your belt (each with its own domain and subdomain), then you’ll need to get multiple SSL certificates. On top of that, certain industries (such as finance or insurance) come with specific requirements when it comes to SSL certificates—read up on this and make sure you know exactly what type of certificate you need.

 

How much do SSL certificates cost?

If you’re a startup working with highly limited resources, it’s possible to get a free SSL certificate from platforms such as Let’s Encrypt. One caveat, though—these certificates have a pretty short lifespan and they expire every 90 days. If you do get a certificate from Let’s Encrypt, be sure to keep an eye on your certificate expiry date, so that you can renew it when necessary.

Otherwise, SSL certificates generally cost from $50 (for a single domain) to a few hundred dollars (for multiple domains). The average certificate will be valid for one to two years, but there are longer-term certificates that are available (although these will naturally be pricier as well).

 

Where should you get your SSL certificate from?

The short answer: get your certificate from anywhere but Symantec!

Here’s the backstory: SSL certificates issued by security giant Symantec used to be popular, but late last year, Google declared that it would soon be deprecating Symantec-issued certificates in Chrome. True to its word, Google started labelling websites with Symantec-issued certificates as unsafe when it pushed out build 66 of Chrome in April 2018. Upon visiting websites with certificates issued by Symantec, Chrome users will now receive a warning message that states that their connection is not private and that someone may be trying to steal their information.

[Image from StackOverflow.com]

In order to get to the website, users will have to click on “Advanced” and acknowledge that they would like to proceed despite the site being unsafe. As you might imagine, the multiple warnings would put off most users from clicking through and result in lower traffic for the website.

Here’s where the situation gets tricky: this problem will also affect websites with certificates that are issued by an intermediate organisation, but still use Symantec as their root of trust. This includes but isn’t limited to certificates by Thawte, GeoTrust, and RapidSSL. Before you purchase an SSL certificate, do some digging and make sure that its root certificate authority doesn’t go back to Symantec!

 

Installing SSL with WordPress plugins

Successfully purchased your SSL certificate? Depending on your certificate provider, you might have to take on the task of installing the certificate on your website and making sure it displays properly. The good news: if you’re using WordPress to power your site, then there are various plugins which can help guide you through the process. Read on to find out more!

 

Really Simple SSL

Really Simple SSL is a user-friendly tool which helps you migrate your website to SSL. Using this plugin, you’ll be able to install your SSL certificates across all your sites and verify that Chrome doesn’t display any warnings that might make your traffic take a hit.

 

Insecure Content Fixer

Once you’ve installed your SSL certificate, use Insecure Content Fixer to find and fix hard-coded references to HTTP pages.

 

WP Force SSL

Last but not least, use WP Force SSL to ensure that everyone who visits your page sees the secure version that you’ve set up. This plugin basically forces all your traffic to HTTPS, and ensures that all pages load securely.
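The hard-coded HTTP references mentioned under Insecure Content Fixer can also be located by scanning a page's HTML yourself. The script below is an added example, not part of the original post or of any plugin named here; the sample page and the `shop.example` host are constructed. It reports subresources still loaded over `http://` and separates the ones browsers refuse to load on an HTTPS page (scripts, stylesheets, iframes) from images and media.

```python
from html.parser import HTMLParser

# Tags whose URL attributes make the browser fetch a subresource.
# A plain <a href> is navigation, not mixed content, so it is not listed.
RULES = {
    "script": ("blockable", ["src"]), "iframe": ("blockable", ["src"]),
    "link": ("blockable", ["href"]), "img": ("upgradeable", ["src", "srcset"]),
    "audio": ("upgradeable", ["src"]), "video": ("upgradeable", ["src", "poster"]),
    "source": ("upgradeable", ["src", "srcset"]),
}

class MixedContentFinder(HTMLParser):
    """Collects (line, tag, kind, url) for every http:// subresource."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "link" and "stylesheet" not in attrs.get("rel", "").lower().split():
            return  # canonical/alternate links are not loaded into the page
        kind, names = RULES.get(tag, ("", []))
        for name in names:
            value = attrs.get(name, "")
            # srcset holds comma-separated "url descriptor" candidates
            for cand in (value.split(",") if name == "srcset" else [value]):
                url = (cand.split() or [""])[0]
                if url.lower().startswith("http://"):
                    self.findings.append((self.getpos()[0], tag, kind, url))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample page, as it might look right after a move to HTTPS
SAMPLE = """<html><head>
<link rel="canonical" href="http://shop.example/">
<link rel="stylesheet" href="http://shop.example/wp-content/theme.css">
</head><body>
<a href="http://partner.example/">Partner</a>
<img src="/logo.png" srcset="/logo.png 1x, http://shop.example/logo@2x.png 2x">
<script src="//cdn.example/tracker.js"></script>
</body></html>"""

if __name__ == "__main__":
    for line, tag, kind, url in find_mixed_content(SAMPLE):
        print(f"line {line}: <{tag}> {kind} {url}")
```

The canonical link and the outbound `<a>` are deliberately not reported: neither is fetched as part of the page, so neither triggers a mixed-content warning.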

 

BONUS: Free SEO SSL Scanner

If you want to err on the side of caution, check out this free SEO SSL scanner tool by Linksspy.com. Consider this: after analyzing the HTTPS settings of the top 10,000 domains, the team over at Ahrefs found that only 10% of these websites have an ideal SSL/HTTPS setup (some were missing canonical HTTPS versions, some were using temporary instead of permanent redirects, and the list goes on).

Setting up your SSL certificate is a pretty complicated process, so take a few more minutes to ensure that your certificate is configured properly using the SEO SSL scanner!
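Two of the setup mistakes listed above, temporary instead of permanent redirects and pages that never end up on HTTPS, can be checked from a recorded redirect chain. This is an added example, not the Linksspy.com tool or code from the original post; `fetch_chain`, `audit_chain` and the `shop.example` chains are names and data constructed for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

PERMANENT, TEMPORARY = {301, 308}, {302, 303, 307}
REDIRECT = PERMANENT | TEMPORARY

def fetch_chain(url, max_hops=5):
    """Follow redirects by hand; return [(url, status, location), ...]."""
    hops = []
    for _ in range(max_hops):
        parts = urlsplit(url)
        cls = (http.client.HTTPSConnection if parts.scheme == "https"
               else http.client.HTTPConnection)
        conn = cls(parts.netloc, timeout=10)
        conn.request("HEAD", parts.path or "/")
        resp = conn.getresponse()
        location = resp.getheader("Location")
        conn.close()
        hops.append((url, resp.status, location))
        if resp.status not in REDIRECT or not location:
            break
        url = urljoin(url, location)
    return hops

def audit_chain(hops):
    """Return findings for one recorded redirect chain."""
    issues = []
    for url, status, location in hops:
        if status in TEMPORARY:
            issues.append(f"temporary redirect ({status}) at {url}")
        if status in REDIRECT and location:
            target = urljoin(url, location)
            if url.startswith("https://") and target.startswith("http://"):
                issues.append(f"downgrade to HTTP at {url}")
    final_url = hops[-1][0]
    if not final_url.startswith("https://"):
        issues.append(f"final URL is not HTTPS: {final_url}")
    return issues

# Constructed chains (shop.example is a placeholder host)
GOOD = [("http://shop.example/", 301, "https://shop.example/"),
        ("https://shop.example/", 200, None)]
BAD = [("http://shop.example/", 302, "https://shop.example/home"),
       ("https://shop.example/home", 301, "http://shop.example/home"),
       ("http://shop.example/home", 200, None)]

if __name__ == "__main__":
    for issue in audit_chain(BAD):
        print(issue)
```

To audit your own site, pass the result of `fetch_chain("http://your-domain/")` to `audit_chain`; an empty list means the plain-HTTP address lands on HTTPS through permanent redirects only.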

 

Next steps 

Want to get your hands on a complimentary SEO audit by the Online Marketing Gurus? We’ll audit your website, tell you how you’re performing in comparison with your competitors, and come up with a 12-month digital success plan for you. 
