In Google’s 2016 State of Website Security report, it was shared there was a 32 percent increase in the number of hacked sites in 2016 compared to 2015. And leading tech companies, like Google, aren’t expecting the trend to slow down anytime soon. Whether visitors to your site want to sign up to receive the latest news from your company, log in to submit requests, or pay for goods or services online, the risk of data breaches are abundant.
Fortunately, moving your site from HTTP to HTTPS helps create a safer and more secure environment for your users to make informed decisions, sets your site up for success in the eyes of search engines, and helps ensure scalable digital business needs are up to standard in the future. In this ultimate guide to SSL certificates, we’ll highlight what an SSL certificate is, what it does for your site and your target audiences, key recommendations for implementation, and what to do if your site is not yet secure.
Google & SSL requirements: What’s changing?
SSL encryption is a topic in the digital marketing world that has become more relevant and widely known in the last three to five years. In August 2014, Google announced migrating your site to HTTPS would give you a minor ranking boost. Overall, compared to other ranking factors in Google’s algorithm, this was a site update that held lower priority at the time. Shortly later, though, Google said they may decide to strengthen this ranking factor within the algorithm, as they wanted to encourage website owners to create a safe web environment for their users.
As of January 1, 2017, SSL encryption is now a ranking factor in Google’s algorithm, penalizing any site that does not provide a secure connection.
What is an SSL certificate?
Secure Sockets Layer, commonly referred to as SSL, is a protocol that creates a secure environment for users on the public internet by encrypting data between a client and the server. As a general rule of thumb, users can easily verify if a site is secure by viewing the URL. If the URL begins with “https:” instead of “http:” or if the address bar shows a green padlock, this serves as assurance the information provided and shared within that URL is being sent in a safe, encrypted format.
Does my website really need an SSL certificate?
SSL certificates have been and continue to be a great mechanism for users to evaluate the trustworthiness and security of a website. An SSL certificate contains information on the domain name, its owner and their location, and the validity/renewal dates of the certificate. Oftentimes, users will then take this information to determine whether they will continue with their site session, as they won’t want to risk their financial or personal security by providing information through a non-secure site. If your site incorporates one or more of the following, an SSL certificate is essential:
- User logins or passwords
- Personal information (first name, last name, email, address, etc.)
- Forms that request sensitive data for online payment
Our 6 key recommendations for installing an SSL certificate
Having a secure digital user environment will not only directly impact the information provided, but it also helps shape the user’s perception of your brand. There are many factors to consider when implementing an SSL certificate for your site and SEO concerns with going HTTPS. Google suggests you keep the following in mind:
- Use SSL certificates issued by trusted certificate authorities — this helps to protect users from potential fraud providers. Trusted certificate providers are associated with legal regulations and aim to verify each website with a certificate as a trusted digital resource.
- Decide on which type of certificate you will need, what your budget is for a long-term digital security strategy, and what level of security is needed — single, multi-domain, wildcard, extended validation, etc.
- Develop 301 redirects — when implemented, these will redirect users and search engines to the https version of the site.
- Use protocol-relative URLs — this will help to mitigate and minimize potential errors involved throughout the migration process.
- Use a web server that supports HSTS (HTTP Strict Transport Security).
- Test your pages and reporting tools following implementation to ensure proper setup and configuration.
If the migration and implementation are done correctly, adding an SSL certificate to your site will not hinder your existing SEO. In order to ensure a smooth transition from HTTP to HTTPS, you will need to verify all existing variants of your site in Google Webmaster Tools, and ensure your preferred domains and duplicate content URLs are configured appropriately.
So what does this all mean?
It should come as no surprise that Google supports and even rewards sites that are trusted and certified. Conduct a quick search for “SSL certificates” and you’ll quickly learn how prevalent site security is today, and how many options and price points are available to those interested in making the switch. Still not sure where to start? Your partners at Two Rivers Marketing are here to help keep everyone, your customers included, safe on the web.