Top 20 Google tips #14 - The truth about SSL
Blog rewritten in light of recent changes
Sometimes developments on the internet happy extremely fast. The video is made for this topic is already out of date, so I have decided to drop it and replace it instead with this blog I wrote recently... just imagine I am in front of camera as you read!
SSL Certificates. This subject has so much incorrect information, I wanted to explain what SSL Certificates are, what they do and the things to consider before getting one. By being informed you will be able to make a decision as to whether it is right for you.
What is a SSL Certificate?
SSL stands for Secure Socket Layer and it a piece of code that sits on your website, allowing people to browse your website through what is known as a secure connection. Depending on the browser you are using, you may see a padlock symbol and the address of the actual website will begin with https:// rather than the usual https://.
There are lots and lots of different SSL certificates available, with different levels of encryption. For many years, 128 bit encryption was the standard but this has been superseded by higher levers of encryption: 256, 512, 1024, 2048 bit and so on. In layman’s terms, the higher the bit value, the greater the level of encryption and the more secure your connection to the website will be.
It is absolutely essential to have if your website takes card payments. However if your customers are directed to another site to actually make the payment (Paypal, World Pay etc..), a SSL Certificate is not necessary but if your customers choose to return to your website after making a payment and your website does not have a SSL certificate, your customers are likely to get a warning pop up, stating that they are moving from a secure site to an insecure site.
Technically it makes no difference, as sensitive card information isn’t passed back to your website. However people tend to be quite nervous making payments online so anything you can to do reassure them is worth thinking about.
More businesses are choosing to have SSL Certificates on their websites, even though they are not technically necessary, as they inspire confidence in the visitor that the website is safe to use. In reality, it does not stop a website from being hacked, it just ensures that the visitor's connection to the website cannot be intercepted by anyone else.
What about Google?
Google has been using SSL as a ranking factor for 3 years now (you can read about it by following this link) and from October, if your website has got any forms on it (contact forms, for example), Chrome and Firefox users will see warning message that the information they are entering is not secure. If you have a WordPress site, for example, you will already be receiving this warning when you log into your Dashboard.
This is going to affect every single website that does not currently have a SSL certificate and you might think that you should get this resolved immediately. You will probably do a Google Search and find someone that will do it very cheaply and go ahead and order one.
The difficulty is that many SSL certificates are not worth the (virtual) paper they are written on. Symantec (who own Norton Antivirus) nearly had 30,000 of their websites delisted by Google because Google considered that they had not been issued correctly. A lot of hosting providers offer free or low cost shared certificates but again they will not be trusted by Google in the long term.
What should I do?
What does this mean for you? Well Google recommends 2048 bit encryption. This is likely to cost you in the region of around £150+ per year, which is an expense that you will have to budget for on top of your hosting. If you do go ahead then it will benefit your website from Google’s point of view.
Ranking is always relative, if your competitors have got them, then you should consider getting it yourself sooner rather than later but, whatever you do, make sure it is done correctly, getting it right in the first place will help you in the long run.