Google has recently announced plans to give priority to SSL driven websites, regardless of whether you sell items or not and they expect you to be ready too. So how is this going to effect you? what can you do to be ahead of the game? and what is SSL anyway, I thought that was just for ecommerce? In this blog post we will try to clear up SSL and explain the process we follow here.
So what is an SSL Certificate?
Secure Sockets Layer is more commonly known as SSL and is industry standard terminology used through the internet world to describe a system/technology that protects a users data when it is transferred between the user and the websites server. The technology ensures that data between the users agent (namely a browser or app) is encrypted to a recognise standard.
For most users this is noted by a padlock (locked for SSL, unlocked for no SSL) that appears within the address bar or status bar of the browser. Recently the SSL status of a website has become more obvious to end users with entire address bars going green or red, highlighting of the padlock icon and even pop up messages alerting the SSL status of a website.
Historically, SSL was only really used on e-commerce websites, and even then only on the larger sites where payment was being processed through their own systems. However, most websites now will exchange data, some normally being sensitive to a degree and thus by proudly showing off your SSL secure status will win over some users, make your website seem more trust worthy and now we learn, also make Google happy.
So what does this mean for me? why do I need an SSL Certificate?
Due to recent advertising and user behaviour changes it is now more important than ever for a user to feel as if their data is respected and they can trust the website they are using, gone are the days SSL is only used for payments!
Recently (October 2017) Google will begin to give small boosts to sites that are actively using SSL certificates in search results and they will penalise non SSL websites by ramping up the ‘not secure’ messages in bright red status boxes!
Effectively this is a public slap on the wrist for the website, a name and shame if you like and as we know, the majority of users love and trust Google. Think of it as Googles way of being the protective parent, looking after its children.
Therefor, it’s more important than ever to ensure your site complies and has a SSL variant.
Will my site be affected by this change?
YES! By adding the SSL certificate you will be directly changing ALL of the URLS of your site to move from HTTP to HTTPS and thus the traffic needs to be handled correctly using redirects. The last thing you want as a website owner is for visitors to follow all those links you have built up in the past and end up seeing 404 error messages!
There is however no need to go back and amend all the past backlinks you have created, or the directory citations that have built up over time. Solutions exist for most platforms that allow you to build 301 redirects automatically, or at least very quickly to capture all this traffic and divert to your new shiny SSL enabled site.
So where do I start with an SSL Certificate?
The first port of call will be to check if you have an SSL certificate or not in place, simply visit your site and look for the SSL status, a green or closed padlock will indicate you are already SSL and your good to go. However if you see a red status, an unlocked padlock or similar message then you will need to proceed.
The first step will be to acquire a certificate, these can be free or purchased depending on your structure and setup. Here at Social Saxon we use fast SSD hosting with the cPanel control panel software, as part of this we include the Let’s Encrypt service which enables free certificates!
Here’s some other certificate sources if you can’t use the Let’s Encrypt service, but we always advise speaking with your host first.
If your pretty switched on with the techy bits, then grab a coffee and follow the instructions provided to get it installed, sometimes you may need your host to get it done for you. Failing that, you could always ask us to help, as part of ALL of our website packages we offer FULL Let’s Encrypt certificates installed, configured and fully working when we host the website!
If you don’t use the Let’s Encrypt you can expect to pay in the region of £100-500 for a certificate from another provider depending on what you choose. Currently the big benefit of a paid certificate is the liability options in regards to financial compensation and legal cover in the event something goes wrong.
The second option missing from the free SSL is the ability to have wildcards in the certificate so all subdomains, IP’s and sites are covered. Importantly though, this feature is due to be added to Let’s Encrypt in Jan 2018! This isn’t a deal breaker as the free option can still work, it just requires more man hours to setup and configure.
SSL Certificates dont stop hacking!
One of the biggest mis conceptions is that an SSL certificate will also protect against hacking, it wont! Even though your SSL certificate will protect the data in transit between the user and the server, it won’t offer any protection to the common hacking attempts and issues.
Many people think that by adding SSL they are then covered and finished in the security department, please make sure that you still continue with the normal security routines such as software firewalls, keeping on top of updates, regular backups, strong passwords etc
That about sums up SSL certificates, remember Google expects you to know this and be ready!
If you have any questions please contact us