Why Every Site Needs an SSL Certificate Now
Note: This post was originally published on May 31, 2017. The contents of this post have been updated to reflect the latest news concerning the importance of SSL certificates, particularly Google's latest announcement regarding the release of Chrome 68.
It’s been almost
three four years since Google first told everyone they should make the switch to HTTPS. In their passionate plea to website owners to create a more secure internet, they used a rallying cry that would surely go straight to the heart of everyone: HTTPS would become a ranking signal.
Most Websites Still Don't Use HTTPS
Not surprisingly, the world did not make a mass switch to HTTPS overnight. In fact, almost
three four years later, the majority of websites still aren’t using HTTPS. According to NetTrack usage data, only about 29% of websites are using HTTPS. This is a huge increase from the roughly 7% of websites that were using HTTPS back in 2014 when Google started the push for a more secure web, but it's still a far cry from what Google wants.
It's important to note that while the majority of websites still don't use HTTPS, over half of all web traffic is encrypted. This is because most of the top websites have already made the switch.
Why Haven't Most Websites Made the Switch?
There's still a lot of misinformation and half-truths about HTTPS and SSL out there, including:
- It’s expensive
- It can hurt your rankings
- It’s hard to implement
- It’s not necessary
When we originally addressed the topic back at the tail end of 2014, our stance was that you should get an SSL certificate if you really needed one. Who needed one? Mostly ecommerce websites. Pretty much everyone else could take it or leave it. The minor ranking difference—if any at all—wasn’t worth the time, trouble, or cost.
Now that we’re into 2018 and Google has promised that its July 2018 release of Chrome will flag all non-HTTPS sites as not secure, the answer has most definitely changed. The new answer: Everyone needs to make the switch to HTTPS. If you have a website and you want to generate leads, make sales, or just tell people about your business, you have to get an SSL certificate.
What Are HTTPS and SSL?
If acronyms drive you crazy, then here’s a handy cheat sheet:
HTTPS – Hypertext Transfer Protocol Secure. What it means to you: communication is encrypted so data or information sent to and from your website is secure.
SSL – Secure Socket Layer. What it means to you: it’s the standard technology used to make your website HTTPS.
In other words, if you want to encrypt data on your website and get in line with Google’s recommendations, you need to buy an SSL certificate. But there’s a lot more to it than making Google happy.
Why Every Business Needs SSL
If you sell things on your website, there’s not even a debate. An SSL certificate is not optional. Since most payment gateways don’t even work properly without an SSL, we don’t need to convince the ecommerce folks out there to get one. So this is mostly for you lead generation folks.
Remember back when a lot of businesses said they didn’t need a website? And then they all said they didn’t need a mobile-friendly website? Well, any business that’s worth a grain of anything has a website now, and the ones who aren’t mobile friendly are trailing far behind. The same thing is going to happen very soon with HTTPS. The websites that don't have it will fall behind the competition. Search engines, users, and even browsers will soon heavily favor secure websites. It all comes down to security and trust. Customers won't buy from you if they don't trust you, and your website must be secure for your users to trust you.
Do It for the Search Engines
Google isn’t going to stop pushing HTTPS. Since making the original announcement in 2014, Google has pushed HTTPS harder and harder. It is now a legitimate ranking factor (albeit one of hundreds). Originally used only as a tie-breaker when all other things were equal, it’s now widely believed that SSL means more. In the search results below for "minneapolis web design," the first six results are all HTTPS. Could that company down in position seven move up with an SSL certificate? That's certainly a possibility, and it's definitely a logical step in their SEO efforts.
No, it’s not a guaranteed magic bullet to move you up in the search results. But it is best practice for SEO. More importantly, it’s best practice for your customers.
Do It for Your Users
Doing things for search is nice, but search engines don’t help you pay the bills. Your customers do. Everything you do should ultimately be for the benefit of your customers. How does HTTPS help your customers? It tells them that your website is secure and that any information they share with you on that website will be secure.
In other words, having an SSL certificate builds trust. Unsurprising fact of the day: when your customers trust you, they’re far more likely to buy from you or use your services.
Do It for the Browsers
Chrome, the most popular browser in the world, now tells your customers when your site is HTTPS or just plain old HTTP. At the moment, this doesn’t mean all that much since the “warning” is fairly innocuous. But later this year, Chrome is going to warn all users when a website is not using HTTPS with this scary message:
That’s right. If your website isn’t HTTPS, Chrome will immediately call attention to the fact that your site isn’t secure. Over half your website visitors are going to see this message. What impact do you think this is going to have on your customers? Hint: it’s going to cost you a lot of sales.
So When Do You Really Need an SSL Certificate?
This is what we said last year regarding who needed an SSL certificate:
If you’re doubting whether or not you actually need an SSL for your business website, consider whether or not your website allows customers to do any of these things:
- Make a purchase or submit credit card information
- Create an account
- Submit a contact form
- Sign up for a newsletter
- Search for something on your website
Now we're updating our recommendation to this:
- If you have a website
There are no more excuses now. If you have a website and you want people to trust it, you have to be secure.
Reason #432 To Switch: SSL is Cheap Now
You don’t need to be a mega corporation to afford an SSL certificate. This is a small investment for any legitimate business. Properly implementing and maintaining an SSL will cost you a couple hundred bucks a year. For most businesses, it pays for itself after one sale. Given how many sales you’re going to lose when Chrome starts flagging your website as unsafe, this is a very small price to pay.
But Won’t I Lose Rankings When I Switch?
You may have heard some horror stories about companies switching to SSL and dropping to page 500 of Google search results. There’s a simple explanation for this: they did something terribly wrong when they made the switch. It wasn’t the switch itself that caused the problem. Remember, HTTPS gives you a boost in the rankings. A properly implemented SSL certificate cannot hurt your search rankings.
As you may notice, the site you’re currently visiting uses an SSL. We aren’t an ecommerce site. So why did we make the switch? Well, as a web design and marketing company, it’s kind of important to follow best practice. Did we notice any drop in performance when we did it? Nope. Our rankings either stayed the same or went up. Our traffic continues to go up. Our leads continue to go up. While we can’t definitively say that HTTPS helped us, we can definitively say that we’re in a better position today than we were before we had it.
Don’t Try This Yourself
Implementing SSL is pretty easy if you’ve done it before. Most business owners haven’t. There are a lot of things you need to worry about when making the switch, including mixed content, duplicate content, redirects, broken links, and much more. Fortunately, this is all standard stuff for a qualified developer.
Instead of spending days trying to make the switch only to find you’ve tanked your website because you did something wrong, you’d be much better off contacting a professional web development and hosting provider. They can quickly get you running on HTTPS without any short- or long-term negative effects to your performance in search results or anywhere else.
No matter who implements SSL for you, the time to make the switch is now. Don’t let an unsecured website be your downfall. If you're ready to make your website more secure and create a better experience for your users, contact us today.