Jon | 2 Sep 2021
Having an SSL certificate is essential on any modern website. In the past, SSL certificates were primarily used to secure the transmission of sensitive information on the web, such as credit card information and personal details. In recent years, as more and more websites have begun collecting personal information, it has become the default for all websites to have an SSL certificate. Ascendancy install an SSL certificate as standard on all new website builds, and recommend to any clients who do not yet have one that they should invest in one for their website – this article explains why.
What does SSL stand for?
SSL stands for Secure Sockets Layer – it creates a secure connection between your web browser and a web site by encrypting data as it is sent between the client (your computer) and the server that the website is hosted on.
How can I tell if my website has an SSL certificate?
When a certificate is installed and configured correctly, a padlock icon will be displayed in the web browser address bar. The website address should also start with https instead of http:
Benefits of HTTPS
There are a variety of different reasons why you should get an SSL certificate and go HTTPS; here are the main ones:
- Better Security As already mentioned, SSL keeps all the data sent between client and server secure by encrypting it. It’s a good feeling knowing something is safe and secure, so why wouldn’t you want this for your website? You may not think that your website is likely to transmit any sensitive information, but what about the details you use when you login to your website’s admin area, or customers entering their personal details into an enquiry form? This data should be encrypted.
- Improved Site Speed Websites that are delivered over SSL can utilise the new HTTP/2 protocol, which greatly improves the loading speed of a website even without the website developer spending time optimising the code and assets.
- Search Engine Rankings Google wants to promote websites seen as being secure in their search results – as a result, having an HTTPS website should give you a slight ranking boost. Not only that, but Google and other search engines now flag websites which do not have an SSL certificate. Obviously, this makes it less likely that visitors will click through to your site.
- Trust The padlock will be seen by visitors to your website as a trust symbol, giving them confidence that your website/organisation is legitimate. In addition, Google now label any HTTP pages as non-secure in their Chrome browser. Anyone using Chrome to browse your website will see a warning about your site being insecure, if you are not using HTTPS.
- Satisfy PCI DSS If you’re accepting card payments on your website, your site must meet PCI (Payment Card Industry) DSS (Data Security Standard). One of the requirements of this directive is to ensure that your website encrypts the transmission of any cardholder data. Having an SSL certificate installed and configured correctly will satisfy this requirement. For a full list of the requirements, see https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security
Unfortunately, it’s not all sunshine and roses in HTTPS-land. There are a few things that you need to think about when switching your site from HTTP to HTTPS:
- Short-term drop in Search Engine Rankings Switching protocol from HTTP to HTTPS without putting any 301 redirects in place can put your search engine rankings in danger. Be sure to ask your web developer to implement 301 redirects so all non-HTTPS traffic gets redirected to HTTPS correctly.
- Cost of set-up If your website is built in WordPress, you will need to ask your web developer to update all the page URLs in the database to begin with HTTPS, and ensure that all externally-loaded scripts are called over HTTPS instead of HTTP in order to avoid ‘partially encrypted page’ warnings in the user’s browser. There will likely be a charge from the web developer for making these changes.
- Ongoing cost of SSL certificate Not really a biggie, but your hosting provider will most likely charge a modest annual fee for providing you with an SSL certificate. This is changing, however, as some hosting providers now allow you to install a free certificate from LetsEncrypt.
Need help going HTTPS?
If you need any help making your website secure or dealing with the SEO consequences, Contact us today and we can discuss your options.