Not having a Secure HTTPS/SSL website could be harming your business

2 March 2017
News, Web design & development

Not having Secure HTTPS/SSL website could be harming your business

It’s long been known that having HTTPS/SSL is a good way of improving the security of your website, however Google soon plans to warn all its users if a website doesn’t have HTTPs enabled. This may not be the best first impression for customers who may visit your website.

With HTTPS becoming a more relevant search ranking factor, getting a SSL certificate and its proper implementation are of greater importance for website owners in 2017.

What is SSL/HTTPS?

SSL stands for Secure Socket Layer. It is an encryption technology used to transfer data from a user’s browser to the web server. Websites use SSL encryption to prevent third parties from intercepting and misusing the data your users may enter on a website (e.g. credit card details or personal information).

You can tell a website has an SSL certificate by looking at the domain and seeing if it has https:// at the beginning of the URL in the address bar. Websites which only have http:// at the start do not have an SSL certificate and therefore any communication between the user and the website could potentially be available for interception.

HTTPS/SSL website example — Having https:// at the beginning of your website’s domain means your website has an SSL certificate and communications are encrypted.

Do I need an SSL/HTTPs website?

In the past, HTTPS/SSL websites have usually only been the preserve of ecommerce websites where sensitive information (e.g. credit card or address details) is being submitted to a website. This is to ensure that the data you are passing to the website is encrypted and cannot be intercepted in transmission.

However, HTTPS/SSL use has been growing and this may be because Google has been publicly encouraging all website owners to transfer their website onto HTTPS/SSL.

Google Chrome, which has over 50% of web browser market share in the UK will be soon telling its users if a website is not secure. In fact, it may already be doing this if your website asks for usernames & passwords or credit card information and its doesn’t have SSL enabled.

Google chrome HTTPs/SSL warning — Google chrome currently warns users when a web page includes a password or credit card field and does not have HTTPS/SSL enabled, however it soon plans warn all users if the website is not on HTTPs.

Does SSL/HTTPS have an impact on my search engine ranking?

In short, yes it does and its impact is increasing.

In August 2014, in an effort to encourage a more secure internet, Google introduced a new ranking signal which gives a search engine ranking boost to websites which have SSL enabled. Initially the ranking boost was very light, although it has said it intends to strengthen the ranking boost over time as more website owners transfer on to HTTPs.

How do I get HTTPs/SSL enabled on my website?

Purchasing an SSL certificate can be relatively straight forward but may require your identity to be checked. They come in three main flavours:

Domain SSL Validation

Domain SSL is ideal for businesses needing a low cost SSL quickly and without needing to submit company documents to confirm identity. The validation process is usually limited to verifying you own the website domain.

Organisation SSL Validation

Organisation SSL will require additional verification and certain company documents to be vetted before the SSL is issued. The process of purchasing a certificate will take longer, and may cost more.

Extended Validation (EV) SSL Validation

Extended Validation SSL certificates are the most secure type of certificate that can be issued. It requires certain documents to be submitted and may require identity verification from the business owners. Having an EV certificate will display your business name in address bar and in some browsers makes the entire address bar turn green giving extra confidence to your users.

Once you have a certificate you will need to ask your hosting provider or web developer to install it. When installed you will need to redirect all of your traffic to the SSL version of your website.

After this you may need to update the code on your website to insure all content is being served on https, otherwise the web browser may report some of the websites content as unsecure. This last step can prove to be the trickiest step and may require good technical knowledge to identify and fix problems.

Conclusion

We recommend all of our clients have at the very least a basic SSL certificate installed. This will not only increase your website security, but will also give your customers greater confidence in your website and brand. As the online world moves towards better security online, Google is actively trying to encourage website owners to move to HTTPs to improving their search engine ranking, and will soon be telling users when your website isn’t secure.

As HTTPs is becoming more standard across the web, there has never been more important time to consider moving your website on to SSL.

If you are considering getting your website HTTPS/SSL enabled, please get in touch – we can help get you a certificate and migrate your website on to HTTPs.