Those of us who regularly surf the web and who subscribe or shop online, are used to seeing a green padlock with the word “secure” on the left hand side of the URL in your browser. These are HTTPS websites which have a Secure Socket Layer, or SSL, certificate installed, and which offer encrypted data transfer. This means that any information sent or received on such a website is safe and not interceptable by hackers.
Up until the end of 2016, installing a SSL certificate was not always recommended. In general, ecommerce websites were required to be secure, but most marketers and developers would have agreed that a non-secure HTTP website was sufficient for running a blog. So what has changed?
Google announced that from January 2017 the Chrome browser would show any HTTP sites as non secure when certain information is being asked for on a site. This would start with payments and passwords, and would then be applied to other forms of data entries.
To choose the right SSL certificate for your website, here’s all you need to know:
HTTP Vs HTTPS
An HTTP website (this is basically the address of your website) sends and receives information as it is – that is, it is not encrypted. This means that when you enter any information on this sort of site, the data gets sent as it is to the database. If a hacker were to intercept such this sent information, they would be able to use the data for their own purposes. So imagine entering your name, email address and perhaps your physical address too. Wouldn’t someone else having all of this information about you make you worry? An HTTPS website, which has a security certificate installed, encrypts all information entered and sent. This means that your data is protected and unreadable by an external party.
Types of SSL Certificates
There are varying degrees of security certificates, and depending on what type of website you have, the correct one needs to be applied. For example, ecommerce websites must all have an SSL certificate. It would be unthinkable to enter all of your personal and payment information on a non-secure site. If your site wishes to receive payments directly via credit cards, you have to let your bank carry out a security analysis of your website, and they will only issue the certification if all security measures are met. The liability of any security breaches you will have also vary greatly.
Why Not SSL For All?
First of all, if your website does not sell anything or require any data entry, you don’t really need a SSL. Secondly, if your website is not commercial and you are just starting out, you might not want to spend part of your budget on a certificate nor on a developer to install it and create the necessary HTTP to HTTPS redirects.
If you do decide to install a SSL certificate, make sure it is done properly. Installing it means the URLs of all of your pages have changed from HTTP to HTTPS. For search engines, this is effectively a different website. So to preserve your website’s SEO credentials, all of the necessary redirects from the previous HTTP pages to HTTPS need to be put in place. If this is not done properly you will lose all of the existing HTTP links, meaning your domain authority and search engine rankings will disappear. You need to preserve the old links to retain your search results standing. Imagine you have some big brands linking to your site; by switching to secure you could lose them all. That’s definitely not the way to go.
‘Let’s Encrypt’ Free SSL
However, there is a relatively new SSL product on the market which is free! ‘Let’s Encrypt’ has shaken up the certificate market with its free service, which is quite a big deal as SSL certificates can be quite costly. According to a tech expert, the free SSL is just as effective as the paid ones. The same key length/encryption is used and it is compatible with all browsers. If you are considering this option, here’s some more info.