What is an SSL certificate?
The [tooltip hint=”Secure Socket Layer”]SSL[/tooltip] certificate is the ‘tool’ that allows your website to work on the “https” protocol instead of (or as well as) the “http
The “s” stands for “secure” in “Hyper Text Transfer Protocol Secure”. Traffic (information) sent over this protocol will be encrypted and therefore, naughty people won’t be able to see the information shared over that connection.
It’s why we always recommend checking that a website you’re going to enter your credit card information on, is using https (often represented by a padlock symbol) – while this process isn’t an end-to-end solution to protect against all problems – it does mitigate the risk that someone could ‘see’ the information (credit card details?) shared with the retailer, and then use that information to make fraudulent transactions.
Secure website on a tablet
Secure website on a desktop browser
Should my website work on the https version?
Yes, absolutely. There’s the notable SEO benefits that Google does use https as a ranking signal [in part] to decide how up in the [tooltip hint=”Search Engine Results Page”]SERP[/tooltip] your website will appear.
[blockquote author=”Zineb Ait Bahajji and Gary Illyes, Webmaster Trends Analysts at Google” link=”https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html” target=”_blank”]Over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal[/blockquote]
So this ‘news’ is from a few years ago – so it’s not going to be new to a lot of people (although, I note that many websites I see still do not utilise SSL certificates).
But look, it’s not just about ‘doing something for SEO’ and not thinking about it ever again. This is important – it’s for a reason. It’s about making the web better for all. More secure.
If you’re asking your customers to enter their payment details into your site and it’s not encrypted – best case scenario, you’re not following best practice – worst case scenario, you’re breaking the law.
So I need an SSL certificate: where do I get one?
In short, your host, most likely. Many hosts will offer SSL certificates for free or very cheap. There are a few different kinds, but you can achieve what most of you will need with the basic of certificates.
If your website is hosted by a standardised [tooltip hint=”Content Management System”]CMS[/tooltip] (like Shopify, Squarespace, Wix etc.) you may find that you don’t even have a choice and your site only runs over https (yay you!).
“No private or sensitive information is entered on my site, so I don’t need an SSL certificate”
I love this response. In the past, it’s been a go-to response by some hosts that “you don’t need an SSL certificate unless private or sensitive information is being entered on your site”. Ok, so let’s just put aside the potential SEO benefits to your site and explore this for a second here.
Are you sure? You don’t ask your website visitor to enter any of their information? A contact form? Do they log-in to your website?
Come to think of it, do YOU log into your website?
If your website is based on a CMS (like WordPress for example) and you enter your username and [hopefully strong] password to log into the ‘backend’ so you can make changes to your content, create new posts and pages – perhaps even delete the ENTIRE WEBSITE? – then you are the user we need to protect here.
[alert style=”warning”]Related: How to make strong passwords[/alert]
Because if that username and password are entered over an insecure connection, that information could be intercepted by a 3rd party. And now that 3rd party has your log-in details, what could they do with that?
This is a quick win to making your customers feel more secure and safer about using your website, and of course, there’s the undeniably attractive fact that Google uses it as a ranking signal, which means your site can appear higher in search results.