Your website needs Secure Sockets Locker (SSL), the technology that prevents data from being stolen by encrypting the connection between browsers and servers.
Why? The short answer: Google is pressuring you.
The long answer is more complex. With the risk of cyber theft, web users’ expectations for online security has increased. To accommodate these expectations, Google changed how it measures website security.
Google and other search engines use SSL as the gold standard for this determination, and you may find your website drop in search results if your site doesn't have it. Read on to learn why Google wants your website to have SSL, and why you should comply.
In simple terms, SSL protects data as it travels between users’ browsers and the web server running your website. When people enter sensitive data, such as their credit card information, SSL ensures that it can't be seen by thieves, hackers, or others who shouldn't see the data.
SSL-protected web pages feature "https" in the address bar, and show a padlock icon. These signals notify web users that they're on a secure page.
Google uses two critical indicators—search engine rankings and Chrome security warnings—to favor sites with SSL certificates. Between 2014 and 2016, they unveiled exactly how they plan to benefit websites with this security technology.
In August 2014, Google released the following message:
We're starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS.
But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
This announcement indicates that SSL is now essentially part of SEO (search engine optimization). If your site uses SSL, it should rank higher in Google than equivalent websites that don’t use SSL. The boost you see may be modest, but it’s still a welcome, recognizable advantage.
In September 2016, Google announced:
Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
What does this shift mean for you as a business owner and your web audience?
Between 51 and 65% of web users rely on the Chrome browser. Starting in January 2017, when users visit sensitive data-collecting pages, Chrome shows them a notification that those pages aren't secured by SSL. This is already happening. Chrome will eventually notify users when they're on any page that isn't secured by SSL—even if that page doesn't collect sensitive data.
Therefore, if your website doesn’t currently have SSL, you risk scaring users away. Your target audience will take the safer route of visiting one of your competitors whose website uses SSL.
To obtain an SSL certificate for your website, you’ll need to figure out how your web host works with SSL, acquire a certificate, and install the certificate. Then you’ll have to update your entire site to ensure all necessary parts of the site are being encrypted by SSL.
After getting SSL working on your site, you'll need to inform Google that your site is now running over SSL. That needs to be done in Google Search Console, and should be done in Google Analytics too.
The exact steps to add SSL to your site vary based on web host, server configuration, its required security, and your website features. This multi-step process can be complicated for many business owners. If you're not confident you can do it yourself, don't DIY your SSL certificate and put your customers at risk. With OptimWise’s Silver and Gold WordPress Maintenance Plans, we can do this for you, as well as monitor your site's security and remove malware. Let us take care of your website, so you can take care of your business.