Your website needs Secure Sockets Locker (SSL), the technology that prevents data from being stolen by encrypting the connection between browsers and servers.
Why? The short answer: Google is pressuring you.
The long answer is more complex. With the risk of cyber theft, web users’ expectations for online security has increased. To accommodate these expectations, Google changed how it measures website security.
Google and other search engines use SSL as the gold standard for this determination, and you may find your website drop in search results if your site doesn’t have it. Read on to learn why Google wants your website to have SSL, and why you should comply.
What SSL Is and What It Does
In simple terms, SSL protects data as it travels between users’ browsers and the web server running your website. When people enter sensitive data, such as their credit card information, SSL ensures that it can’t be seen by thieves, hackers, or others who shouldn’t see the data.
SSL-protected web pages feature “https” in the address bar, and show a padlock icon. These signals notify web users that they’re on a secure page.
Why Google Values SSL Certificates
Google uses two critical indicators—search engine rankings and Chrome security warnings—to favor sites with SSL certificates. Between 2014 and 2016, they unveiled exactly how they plan to benefit websites with this security technology.
When SSL Became Part of SEO
In August 2014, Google released the following message:
We’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS.
But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
This announcement indicates that SSL is now essentially part of SEO (search engine optimization). If your site uses SSL, it should rank higher in Google than equivalent websites that don’t use SSL. The boost you see may be modest, but it’s still a welcome, recognizable advantage.
When Chrome Marks Sites as Non-Secure
In September 2016, Google announced:
Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
What does this shift mean for you as a business owner and your web audience?
Between 51 and 65% of web users rely on the Chrome browser. Starting in January 2017, when users visit sensitive data-collecting pages, Chrome shows them a notification that those pages aren’t secured by SSL. This is already happening. Chrome will eventually notify users when they’re on any page that isn’t secured by SSL—even if that page doesn’t collect sensitive data.
Therefore, if your website doesn’t currently have SSL, you risk scaring users away. Your target audience will take the safer route of visiting one of your competitors whose website uses SSL.
How You Can Add an SSL Certificate to Your Website
To obtain an SSL certificate for your website, you’ll need to figure out how your web host works with SSL, acquire a certificate, and install the certificate. Then you’ll have to update your entire site to ensure all necessary parts of the site are being encrypted by SSL.
After getting SSL working on your site, you’ll need to inform Google that your site is now running over SSL. That needs to be done in Google Search Console, and should be done in Google Analytics too.
The exact steps vary based on web host, server configuration, its required security, and your website features. This multi-step process can be complicated for many business owners. Instead of trying to DIY your SSL certificate and putting your customers at risk, contact the web team at OptimWise and learn more about your site’s security options.