So you may have heard that Google announced a couple of years ago that in determining search engine rankings, they were going to consider whether a site had an SSL certificate installed. (Or maybe you didn’t hear this… my ears might perk up more than yours at stuff like this.) First, some definitions.
What is an SSL Certificate?
SSL stands for Secure Sockets Layer. It basically means that if you have a SSL certificate installed on your web server, it will encrypt the data passed between your web server and your web site visitor’s browser. In the past, this was really only a big issue if your site collected sensitive information such as credit card numbers. For most of my clients, this was not a big deal because all credit card processing is handled by a third party, like PayPal.
How do you know if a site has an SSL Certificate?
You may notice that in some browsers, you’ll see the URL (the address of the site at the top of the browser window) starts with “http://” and sometimes it starts with “https://”. The latter means it has SSL. Lately, browsers will also sometimes show a green padlock icon to indicate that the site has SSL. And some browsers would warn you if you landed on a page where sensitive information was being collected on a site that was not secure (i.e. did not have SSL). This is a good thing. You (and your web site visitors) should not pass sensitive information through a browser that is not encrypted. Again, for most of you, this hasn’t been an issue because all sensitive information was handled by a third party.
Why do I care now?
So back to the opening paragraph. Google announced a few years ago it would start considering whether a site was secure in determining search engine rankings. Well, now Google has gone even further. They announced that this month they will start showing sites with a “Not secure” label in the URL address at the top of their Chrome browser if the site collects sensitive information and isn’t secure. And (here’s the real kicker), eventually (date TBD) it will expand this to show ALL pages with the “Not secure” label in the URL address even if the page doesn’t collect any sensitive information. (You can see pictures of how this will look for a user at this very helpful post: How to Get a Free SSL Certificate (and Why Google is Forcing You To)
While the timeline is not determined on when they will do this, it is definitely in your best interest to be researching now how to get SSL installed on your website, not only to potentially boost search engine rankings (although if everyone has to do it I’m not convinced of a bump in rankings… it’s kind of like if everyone is special then no one is special) and to ensure your website visitors don’t perceive your website as insecure (this is the bigger issue IMO)
What should I do?
I’m writing this post to give you a heads up. I’m in the midst of researching what I think is the best option for my clients. If you have a website on Shopify, Wild Apricot, or Wix, there are other considerations and I’m looking in to those. If you host with someone else, I will give you an opinion on what to do with your host provider. And if you host with me, I’ll have an option to offer once I figure out what I think makes the most sense from a cost and maintenance perspective. As you may have read in the post I linked above, you can get SSL certificates for free. You can also pay up to $250 per year for them. The difference is in the strength of the certificate and the ease of maintenance (e.g. the ones that are free require renewal every three months…royal pain). But the $300 ones provide a much higher level of security than most of my clients need. Regardless, they all require time from a human and the web hosting provider to install, and trying to anticipate what Google is going to do is a lot like herding cats. So this is not a one-stop-quick-fix sort of deal.
More to come! I welcome questions.