dots dots dots

What is SSL and does your website need it?



As more and more business moves online, security is a major concern. The anonymity of the internet still makes a lot of people uneasy about handing out their credit card details. If you shop at a physical store and get a dodgy product, you can at least go back to the store and demand a refund. With a website it’s not always as easy. So as business owners we should take steps to reassure our potential customers.

What is SSL?

SSL (Secure Sockets Layer) is a security protocol that has become a standard way of encrypting communications between two devices. Only the sender and the intended receiver can decrypt the data into something readable.

In website terms, SSL encrypts any information being transferred between a user’s web browser and the website server where your website sits. This means if someone is somehow able to intercept your communication somewhere in the middle, it is unreadable.

To set SSL up on your own website you need a SSL certificate (usually purchased from your website host). This certificate stores information about your business and website and acts like a personal identification card. Once setup correctly your website will display the little green padlock next to your website address in browsers. This indicates the website is using SSL, has a certificate that matches the website address and all of the elements loading on the page were encrypted.

SSL signals trust

That little green padlock infers to your customers that your website is safe. It’s no guarantee that everything about your website or hosting is safe, but it can’t be considered safe without it. This is of course critical for an e-commerce website. Nobody should ever enter their credit card details into a website that isn’t SSL encrypted.

But even if you aren’t taking payments, SSL can still be very effective at encouraging users to complete actions such as submitting information into an enquiry form. SSL signals that you care about your users information and have taken steps to protect their personal data.

Even if you are not accepting any input from your customers at all, I still think it’s a positive signal to display to potential customers. You are serious about your business online.

Google is forcing everyones hand

It was over three years ago that Google announced SSL encryption as one of their ranking signals (albeit a very minor one). There’s no plans for Google to crank up the strength of this ranking factor apparently, but as SSL is adopted more and more websites without SSL will be more likely to be singled out as lesser quality. Over 50% of Google’s first page search results are now SSL encrypted. It’s hard to ignore the trend. I’m not sure they are first page because they have SSL. It’s likely the more serious websites are adopting SSL anyway.

Google’s highly popular web browser Chrome now gives users a warning whenever a site is not using SSL and is set to make that warning more and more obvious. Even if you aren’t collecting any data at all.

It’s very clear that Google wants website owners to adopt SSL.

Should you do it?

So yes, you should absolutely switch your website to SSL at some stage in the near future. We launch all of our new websites with SSL from the start. Just be careful when you switch though. Effectively this is a complete change of website address in Google’s eyes. Even though you’re only changing the prefix of ‘http’ to ‘https’, it’s the equivalent of moving to a completely new domain name. You will need to ensure the correct redirects are in place to signal to Google that your site has just moved. If you don’t do this you might actually see a significant drop in search rankings. If you’re not confident with this talk to your website host, your website developer or of course one of the Pixeld crew.