SSL Certificates and why we are using them

The question everyone's asking is “Do SSL Secure Certificates affect search rankings?”

Security has always been a priority for Google and announced it was to use HTTPS as a ranking signal, so far we haven't seen much change, but we know it's on the way.

Chrome is marking non-secure pages containing password and credit card input fields as Not Secure in the URL bar. In a way that's not surprising since Secure Certificates (SSL) have always been used/needed to encrypt and secure data transfer.

Our newly developed websites are now issued with a secure certificate

If we are developing a new website, then it's good practice to have HTTPS in place from day 1, we are also rolling out the installation of secure certificates for any sites we have built within the last 6 months.

It is a resource intensive process and there isn't a strong correlation yet between HTTPS and SEO. So although our newer sites will be issued with an SSL certificate, we do have to make a charge for older sites, which will be dependent on the size of the site.

Secure Certificate

A secure certificate is used to make sure that data can't be intercepted by anyone as it moves across the internet. If a website doesn't use an SSL or Secure Certificate, all information that passes between the web server and your computer is sent in plain text. That makes it easy to read and abuse any intercepted information using a simple man-in-the-middle attack or over a public Wi-Fi connection.

Secure Certificates are the solution and are very cheap these days. They encrypt the data before sending it over the internet where is decrypted safely at the other end.

So when you're next typing in your email address and password into your web browser, check the web address. Does it have a green padlock and "https" at the start of the address? The "s" stands for secure and if it's not there, think very hard about continuing. Perhaps even contact the owner of the website and ask them why it's not secure.

Why switch to HTTPS?

There is a lot of discussion on the internet about converting your website to HTTPS. Historically SSL certificates were reserved for data entry and payments. So many web developers are still confused whether it's worth the effort to implement an encrypted certificate and see it as an overkill.

Very few websites (percentage wise) have made or plan to make the change to HTTPS, certainly not in the near future. Google has stated that if all other factors are equal, HTTPS can act as a tiebreaker in the search engine results, which is why we would like to future proof all our sites.

Challenges with switching to HTTPS

Google has resorted to preferentially indexing HTTPS versions of pages over their duplicate HTTP version and will count collective signals from inbound links pointing to both the HTTP and HTTPS versions of a page.

Such high costs for an SSL certificate may not be justifiable for small business owners with limited budgets.

If you don't get it right, then you might end up with duplicate content issues, with both HTTP and HTTPS versions of your page getting indexed. Different versions of the same page might also show up in search engine results, confuse your visitors and lead to a negative user experience.

If you don't use our hosting

We take care of hosting for the vast majority of our clients and include it for free, but one or two of our clients still prefer to host their website themselves.

If you host your site, rather than with us then you just need to buy and install a relevant SSL certificate (preferably from your hosting provider) and we can take care of the remaining steps.

Please note we are having to make a nominal charge for this service due to the amount of work involved.

Steps to install a SSL Certificate

1. Buy and install a relevant SSL certificate, they need renewing yearly. Let's Encrypt ids offerring a free service if it is installed on your server.

2. Check all images and links for being HTTPS

3. *Use 301 redirects, your htaccess file can do this step.

4. Implement a new XML Sitemap for all the pages you need Google to index.

5. Add the new HTTPS version of your site and the Sitemap to Webmaster Tools

6. If you are using Google Analytics then set the preferred version of your site to HTTPS

*You can set up domain-wide 301 redirects from the http to the https version of your website, by adding the following code to the .htaccess file.

Note that this code is valid for websites hosted on Apache servers.

All sites being HTTPS will become more important in time

HTTPS isn't yet a huge ranking factor for search engines right now, although it might have a greater impact later.

Google has incentivised moving to HTTPS and Chrome browsers have already started showing an unencrypted website warning for displaying an unsecured HTTP version of a webpage.