Long dismissed as cumbersome and complicated, today there are numerous, important benefits of SSL certificates for security, SEO and sales.
In fact, if your website doesn’t soon employ SSL, it could be entirely de-listed on major search engines such as Google in the years to come.
The reason is simple – the Internet is trying to become as secure as possible.
You will no doubt soon learn of the advance of uninterrupted user-to-user encryption, such as the upcoming blockchain technological revolution (Bitcoin was an early pioneer) – that will soon replace the banking, accounting, legal/contractual and messaging systems as you presently know.
With the rise in cyber attacks and the growing fear of cyber warfare among world governments, any and all unprotected systems, computers and websites run the risk of being targeted, the culmination of which don’t merely affect the hacked machine, but whatever machines are subsequently infected, spreading exponentially like a pandemic or virus.
This is how spam spreads so rapidly to the point of shutting down entire servers and networks, and how entire databases of supposedly private membership details, messages and photos are often leaked online. Sometimes for ransom.
Security Benefits of SSL
The most obvious correlation is that SSL is primarily designed for website security.
SSL stands for “Secure Sockets Layer”. This is a layer of encryption that allows for a secure link between user and web server.
Without it, any web traffic transmitted between a user’s browser and the web server can, and often is, monitored, collected or “sniffed”, by anybody so inclined with basic hacking software.
Does your website have any of the following:
- A contact form
- An admin page, where you edit content, access databases, or change settings – such as WordPress, or cPanel
- A user login area, such as a customer dashboard, or messaging, or forums
- An online shopping cart, where customers enter payment information
- A search form
- A newsletter Subscribe feature
- Anything else that requires a “Submit” button be pressed?
If your answer is Yes to any one or more of these, your website needs a valid SSL certificate installed, as soon as humanly possible.
In fact, if you are accepting credit cards or passwords over your website, you should stop reading this article right now, and install an SSL certificate without delay.
The consequences are many, and suffered often:
- Email addresses submitted through web forms such as contact forms and Subscribe buttons are regularly collected by spammers
- Passwords are stolen, and later used to logon to compromise devices
- Payment info is stolen, and later used by criminals, often for micropayments that are difficult to detect, but also for some big purchases
- Search information can be studied by competitors and spammers
- Any “private” messages or content can be read, made a copy of, and stored somewhere
What SSL does is prevent this data from being decoded by a third party. This is where you see tech jargon like 256-bit encryption, or SHA-2 hashes.
It is this simplistic importance of SSL that has prompted search engines like Google to reward SSL-compliant websites (more info later in this article), and even foresee the near future where all websites will be required to use SSL.
Fortunately, there are now free SSL certificates, and low cost ones (around $20 a year), with some high end options running into hundreds, and even thousands, of dollars.
Types of SSL Certificates
The world of SSL is highly confusing, dominated by big brands, yet all of them accomplish the same objective: securing user-to-web server communications.
How do you know a website is protected by SSL? The little green lock in the browser address bar is the indicator.
Here is a basic run down on the types of different SSL certificates.
Domain Validated (DV)
These are the quickest and generally the most inexpensive SSL certificates to install. You simply buy the certificate, answer some basic questions in line with your web hosting settings, verify you have authorised access to the domain (for instance, through a valid email address for the domain), and a certificate is automatically generated.
There is a free SSL certificate option through the upstart Let’s Encrypt, though their certificates must be renewed and reinstalled every 3 months (most other certificates are every 1-3 years).
Comodo PositiveSSL runs around AUD$20 a year, GeoTrust’s QuickSSL Premium runs a little closer to $100, and, at the higher end, the industry-leading Symantec (formerly Norton), offers its Symantec SecureSite ($500) and SecureSitePro (around $1000). These commercial-grade SSL certificates include warranties from $10,000 to into the millions of dollars, in case there is ever a breach that costs you money, due to flaws in their SSL certificate.
The latter two are considered more from the “Organisation Validated” (OV) line of certificates, but the necessity of these OV certificates has lessened with the advent of the EV SSL (green bar) certificates. Symantec’s OV offerings include daily malware port scanning and vulnerability assessment reports, as well as being recognised as the industry leader, justifying the higher investment.
Extended Validation (EV)
These certificates offer the highest level of consumer trust.
Also referred to as the “green bar”, a website protected by EV SSL is clearly distinguished by the larger green area in the browser URL, that includes the registered company name and location in the green bar. You can see Mother.Domains’ EV SSL certificate in your browser bar.
This involves a much more extensive validation process, as these certificates are not issued to everybody. You need a registered business and contact details, validated by a formal legal letter or inclusion in a high end business database such as DUNS. The result is a much higher level of consumer and professional trust.
Any online store or serious business should invest in EV SSL.
Comodo’s EV SSL runs around $160-200, GeoTrust’s True BusinessID EV SSL is closer to $300, and Symantec’s full-blown Secure Site EV SSL certificate runs in the $1400 range.
This name and uses are fairly exciting, if you are an SSL or web development nerd, as it protects an unlimited number of subdomains under your main domain.
This means, for the price and installation of one certificate, you can protect all of your subdomains – mail.yourdomain.com, app.yourdomain.com, blog.yourdomain.com, messaging.yourdomain.com, etc.yourdomain.com.
Wildcard prices run from around $160 for Comodo PositiveSSL Wildcard, to $350 for GeoTrust’s QuickSSL Premium, to a whopping $3000 for Symantec’s Secure Site Wildcard (they do scan every single subdomain daily, which could add up).
This is where it gets complicated, as, for one Multi-Domain Certificate, you can install a pre-determined number of domains under the same certificate. However, you have to select and pay for the number of domains upon purchase, and this becomes expensive and complex – to the point it might be easier to buy one cheap certificate at a time.
And what if you want to add more domains to the certificate later? You have to reissue and reinstall again.
They are all different, bound by different rules as to the number of domains included, and we suggest if you want to learn more about Multi-Domain Certificates that you research them thoroughly before committing to purchase.
From our research at Mother.Domains, we haven’t really found too much of a cost or time benefit to employing or installing these on our own networks.
Some Notes on SSL
In all instances you will need somebody to install this for you. If your web developer can’t handle this for you, your web host or a third party usually charges around $20-30+ per install – a little more for the higher end certificates.
While, in the past, each SSL certificate required a dedicated IP address, now you can circumvent that by installing something called SNI (Server Name Indication).
As certificates expire, you will need to renew them, and essentially reinstall your certificate.
If this all sounds like too much hassle or expense, consider moving to an SSL-ready hosting service, such as our flagship Secure Green Hosting offering, where SSL is installed, and renewed, as part of an affordable monthly or annual price. All the technicalities and troubleshooting are handled on your behalf.
If you run a website that has numerous third party images, such as a WordPress site, you might see an error message in the little lock area. This means you are including insecure content like images and other media on your otherwise secure page. After you change the image links to include https:// at the front, or only link to external images on secure webpages, the lock should return to its clean green, with no errors.
Benefits of SSL for Search Engine Optimisation (SEO)
So what does SSL have to do with SEO?
In September 2015, Google announced that it was providing a ranking boost for https/SSL-protected websites – a 2% increase in search engine rankings. This was to reward early adopters of the soon-to-be industry standard that all websites must eventually use SSL.
If you’re a web designer, you know this is information that most customers would appreciate, particularly after you’ve learned the critical importance of employing SSL on all websites.
If you’re marketing products or services, you know that every bit of help with SEO makes a big difference. It could be the difference maker between you and your competitors.
Furthermore, when the day comes where all search engines require SSL in order to be ranked in their results, if your websites have SSL, you will remain in search results, while the websites that don’t, will be surprised to find they all but disappear from search engine rankings.
Benefits of SSL for Sales
Finally, SSL makes a massive impact on sales.
You’ve probably seen the little badges at the bottom of check out pages you’ve purchased through or online stores you’ve visited.
The point of these is that they act as “trust indicators”.
In fact, many companies pay big dollars on their brands of choice, simply to display these seals.
You can’t just post a logo – these seals are dynamically generated. When you click on them, the issuing certificate verifies that the site is legitimately protected by the corresponding Certificate Authority.
When a shopper visits a website, particularly a new store with which they are not familiar, they want to feel as trusting and comfortable as possible before they enter any private information such as credit card details.
Who is this company? Where are they based?
Is the ad scent consistent? Did I come to the right place?
Is the site secure? Does it use SSL?
Do they have a privacy and security policy?
What guarantees do they make?
Consumers are, generally, intelligent beings. They think a lot. Studies have shown that a huge amount of shopping cart abandonment – is because of a lack of trust or concerns with a website’s security.
One recent study showed 48% of shoppers don’t fully trust a website without a trust seal, and 61% of customers haven’t made a purchase due to an unavailability of trust seals, and 69% of customers abandon their shopping carts altogether.
Trust indicators, on top of the EV SSL, are the clearest, simplest, and most effective means to alleviate a big part of this.
I admit, the first thing I look at, on every new website I visit, is the lock in their URL bar. I’m curious to see which SSL certificate they’re using. I am particularly impressed by websites that run EV SSL certificates.
If they are an online store or require any sort of form submission or login, I rapidly depart their website. Do not purchase from these insecure websites. Send them a friendly reminder.
The more customers that trust your site, the more sales you’ll receive, the more traffic your website will have, and the more your SEO should organically increase.
Conclusion on SSL
SSL is a necessity on the modern Internet, as we motor ahead in the 21st century.
You can take the time to research the best options for you, your business and your clients, or opt for an existing SSL-enabled secure web hosting service.
Between security, SEO and sales potential, you’ll find that SSL is worth the investment – that can cost as little as nothing, if you have the time and wherewithal to attain and install one yourself.
For anything SSL-related, send us a message here or on help at mother dot domains.
Have a safe, secure life – digitally, and in the real world.
Online Shopping Security Tips – Philippines Government
How trust factors influence online sales and conversions – Internet Retailer
Secure Green Web Hosting with free SSL installed – Mother.Domains