When Secure Sockets Layer (SSL) security came into use, it was primarily for banks and other companies that conducted financial transactions online. More recently, though, SSL has become a ranking signal for Google, which means that businesses without an SSL certificate for their websites suffer in Google Search Engine Result Page (SERP) rankings.
In addition, Google Chrome displays a comforting little padlock icon next to the URL of a webpage if the site has an SSL certificate, and a somewhat alarming exclamation point next to the URL of sites without SSL, giving visitors the impression that the site is not safe to use. Correctly implemented SSL security is a key factor in website design for small business; it's not just for large corporations!
Rumors Abound
When this change to Google's SERP algorithm was implemented, there was a great deal of confusion in the business world, and many of the rumors that began at that time are still in wide circulation. One of the most prevalent is that your business page will suffer in terms of Search Engine Optimization (SEO) by moving to HTTPS. While it's true that improper implementation – we'll talk more about this shortly – can cause issues, a correctly implemented HTTPS site offers your business better SERP results and higher customer confidence in terms of security.
Using HTTPS protects you and your customers by encrypting data that is transferred between you, preventing hackers from grabbing information that could allow them to spoof your site off your customers' IP addresses later. It ensures that any attempts to tamper with or corrupt data in transfer are detected, and it offers users authentication, so they know that they're providing their personal information to the site they intended, and only to that site.
Correct Implementation Of SSL
In order to get the full benefit of having an HTTPS site, your website needs to implement SSL correctly, and this is an area where an astounding number of websites are lost in the weeds. There are numerous studies examining HTTPS implementation and the numbers vary widely for different criteria, but overall, about 90% of business websites are missing some critical factor. Establishing and managing HTTPS implementation can be complicated and time-consuming, which is why many businesses opt for professional help. One common error is in the use of re-directs, which is where getting it wrong can most directly hurt your site's SEO.
- HTTPS Enabled - If you've got an HTTPS website, users should be able to reach it by typing HTTPS://www.yoursite.com and get to your home page.
- Correct Re-Directs For Alternate URL Forms – Users should also be able to type HTTPS://yoursite.com or HTTP://yoursite.com, or HTTP://www.yoursite.com, and go directly to your HTTPS page.
- Re-Directs Should Connect Directly – If a user types yoursite.com, they should be sent directly to your "canonical" HTTPS page, not to any other version of your page. Sometimes, a webmaster will miss a re-direct, causing users to be bounced from www to HTTP, and then to HTTPS, which slows connection, opens potential misdirection to a hacker's spoof of the site, and harms the site's SERP ranking.
- Permanent Versus Temporary Re-Directs: When you implement HTTPS, you're actually re-directing traffic from your older HTTP URL to a new, secure URL. It's critical that this is done with a permanent (301) re-direct, as opposed to a temporary (302 or 307) re-direct, because the temporary re-directs leave spoofers an opening to detour your traffic, and Google does not consider this secure, so your site does not get the SERP ranking benefit of being a secure site.
Yes, You Really Need An SSL Certificate For Your Website
Don't miss out on the opportunity to boost your website's SERP rankings and visitor confidence. "Padlock" your site with correctly implemented SSL and watch your traffic and sales numbers climb as new customers find your brand and buy with confidence!