Why SSL security is important for your business and SEO

Digital360 on 8 September 2017

Providing your website users with the latest security is a new challenge for small and medium businesses. But it’s important. Not just to protect your business and customers – but for your business's search engine rankings, too.

In this article, we'll cover the basics of HTTPS – the secure way to connect your website with your users. To make your website HTTPS-ready, you may need to purchase an 'SSL certificate' and upload it to your web server.

Read on to find out more about SSL and HTTPS or talk to a digital specialist about your digital strategy. If you're unfamiliar with any specific terms, refer to the glossary at the end of this article.

SSL checklist: Key action items

Estimated duration: Two hours

Action itemTask type Time (mins)

Install SSL certificate.

Install

15

Set contingencies for SSL renewal process.

Manage

5

All URLs and resources must load as HTTPS (e.g. scripts).

Configure

10

Test SSL type and encryption levels are as expected.

Test

5

Update Google Tag Manager tags, triggers and variables for HTTPS.

Update

15

Update Google Analytics for HTTPS.

Update

5

Test Google Adwords URLs updated to HTTPS and ensure GCLID is not stripped. 

Test

10

Update Google Search Console with HTTPS sites.

Update

10

Update Google Search Console - Fetch entire domain once HTTPS is in place.

Update

10

Test Sitemap.xml and resubmit.

Test

5

Test Sitemap.xml and resubmit.

Test

5

Test UTM tags are not stripped with HTTPS redirect.

Test

10

Test plugins, scripts, third party tools are updated to HTTPS.

Test

10

Test form fill conversions.

Test

10

Test ecommerce transactions.

Test

10

Test site for 400, 500 errors, redirect loops.

Test

10

What is an SSL certificate?

An SSL certificate is a set of verified credentials that allow for encryption between a web server and a web browser. ‘SSL’ refers to a security protocol called Secure Sockets Layer. The certificate can be purchased from registered vendors, called certification authorities, much like a domain name.

While the SSL protocol has been superseded by a more secure protocol called TLS, or Transport Layer Security, much of the digital industry still refer to TLS certificates as SSL certificates, or sometimes SSL/TLS certificates.

The type of certificate doesn’t dictate what type security protocol will be used. Both protocols run using the same certificate information. That means an updated, secure server with a valid certificate should provide your business and users with the latest security layer.

Why is HTTPS important for a business?

When accessing a website, your browser will often show a green padlock or the word ‘secure’ next to the URL. When this happens, your browser has established a connection using HTTPS and added a layer of security over the standard web protocol, HTTP. This is possible because the website has a legitimate SSL certificate.

Getting your website HTTPS-ready with an SSL certificate is important for three key reasons:

1. Protecting your users’ data

If your business manages customer data online, such as logins, personal details and payments, then it’s important to keep your users’ information secure from attacks with the latest standards in encryption. With HTTPS, it’s very difficult for an attacker to steal or tamper with data undetected, keeping important information safe.

2. Increasing trust and credibility

Most browsers, such as Google Chrome, Firefox and Safari have built-in protections to help users identify unsecured sites. An SSL certificate will ensure that web browsers do not flag your website as unsecure and scare away potential customers. HTTPS will also make your site more trustworthy, with the addition of security icons in the browser interface, such as a padlock and green security text next to the URL bar.

you connection is not private

Browser warning messages may display for unsecured websites

3. Boosting SEO performance

In 2014, Google announced that going HTTPS – adding an SSL certificate to your site – will give sites a minor ranking boost. In other words, having a safe and secure site for users will increase the performance of your website search engine rankings. There are only a few ‘guaranteed’ ways to instantly improve SEO performance – and having a verified SSL certificate is one of them.

Are there any disadvantages of HTTPS?

Since the HTTPS protocol takes additional security steps when connecting a browser to your website, page load times may increase. However, the security and SEO benefits of HTTPS outweigh any small variations in website performance. Ensuring the security of your business and users is a top priority.

But there are ways to reduce the impact of HTTPS on page load speed. One solution is website caching. If your users have previously visited your website, site data can be saved in the user's browser for reuse. A website can also be configured to deliver cached versions of a webpage to end-users. The end experience for the user is a fast-loading website, even when they're connected using a secure HTTPS connection.

How do you get an SSL certificate?

Depending on your hosting provider or solution, you may or may not need to manually purchase and install an SSL certificate. Some ‘off-the-shelf’ web services such as Squarespace make the management of HTTPS and SSL certificates easy and in some cases, automatic.

The purchase of your domain name may also come with an SSL certificate, while shared hosting providers may have ‘shared’ group certificates. This may mean you do not need to purchase an individual one for your company, although a separate SSL certificate is still highly recommended.

However, if your website however is not establishing a HTTPS connection, then it’s likely that you will need to purchase and install an SSL certificate manually. To double check, log into your web server or hosting provider and navigate to the security or ‘SSL/TLS’ settings.

If you do not have an SSL certificate, they can often be purchased from the same registrar you purchased your domain name. There are also many other providers, called ‘certificate authorities’, that offer verified SSL/TLS certificates for sale.

Installing the SSL certificate

Once purchased, you will need to download your certificate files. The next step is to access your server’s cPanel or administration dashboard. From here, you can:

  1. Refer to the registrar or hosting provider's support team or documentation to install the certificate.
  2. Reach out to the web developer that first set up your site, or provide your new web developer with the credentials to install the SSL certificate.

The next steps

Once complete, you’ll need to make sure that the installation of the certificate has worked and is not negatively impacting the performance of your website. This involves running a number of tests and checking that the new security layer (the ‘S’ in HTTPS) has not broken links and URLs on your site. Refer to the above checklist for a comprehensive guide to managing this process.

For more information about web development, security, SEO and digital strategy, speak with a digital specialist.

SSL and HTTP glossary

  • GCLID – A tracking parameter in URLs to pass information between Google AdWords and Google Analytics.
  • Google Tag Manager – A Google tool that allows for the easy set-up and management of website tags used for conversion tracking and site analytics.
  • HTTP/HTTPS – The standard application protocol for the world wide web. HTTPS refers to a secure and encrypted version of HTTP.
  • Redirect loops error – If a redirection points to a page that has already been redirected, it may cause a 310 error ('too many redirects').
  • SSL/TLS – Cryptographic protocols that provide a layer of security in communications over a computer network.
  • UTM tags – A tracking parameter attached to custom URLs to track sources, mediums and campaigns for Google Analytics.
  • XML site map – A file format that is commonly used to store information about page locations on a website, which can be read and indexed by search engines.
  • 400 errors – A class of errors that refer to ‘client’ errors, a common error message being a 404 error where the web browser attempts to locate a non-existent page.
  • 500 errors – A class of errors where the server was unable to complete a valid request by the client.