Due to the Alert Level 4 lock down. Wired will be operating at reduced hours. More information

Why SSL and HTTPS are essential for your site

Back in 2018, Google declared that it would be marking all sites which had no SSL certificates as “not secure”. This alert allows a website user to know if their information is safe when they engage with a site on the net.

If a SSL certificate is configured for a site, the URL will have “HTTPS” as its prefix and there will be a lock icon present in the address field.

HTTPS means that the site secures user data and also ensures that the user is connected to an authentic website.

The main message from Google is that they are advocating a more secure web and HTTPS will become the standard for all sites moving forward.


What’s an SSL certificate?

SSL stands for Secure Socket Layer (SSL). It is a security protocol which allows encrypted communications between a web host’s server and the user’s internet browser. It encrypts all of the data that is transmitted between the host and the website user by way of an encryption key that is added on the server.

If your site has no SSL certificate, then no secure connection can be established. This denotes that the information transferred is not associated with a cryptographic key.

SSL certificates contain the following information:

  • The certificate holder’s name
  • The serial number and expiry date of the certificate
  • A copy of the certificate holder’s public key
  • The certificate-issuing authority’s digital signature

How does SSL work?

HTTPS is an acronym for Hypertext Transfer Protocol Secure (HTTPS). It is the secure version of HTTP which is the standard protocol used for communications between your site and the browser a visitor is using.

HTTPS indicates that all communication between a browser and the website is encrypted. This means that none of the user’s data can be forged or tampered with. If your site is secured by an SSL certificate, your website will have HTTPS in its URL.

3 reasons to secure your site

Authentication

There are people who replicate sites in order to divert traffic and steal information from you. Authentication helps verify that you own a legitimate website.

It’s important to check that a site uses https before entering any personal information.

Data Integrity

This involves whether data has been tampered with while it’s in transit through the net. Someone quite savvy can actually interrupt the data transferred to a site and tamper with the contents. For example, information from a contact form submission could quite easily end up in the hands of a hacker and not the intended recipient.

Encryption

Encryption involves the security of the communication between the browser and server so that no one else can interrupt the data. This is a critical matter for ecommerce sites and, although transaction data is important to secure, it is also important to secure any form submission data that comes through the site as well.

Google states HTTPS and SSL are a must

Google has openly confirmed that HTTPS is used as a ranking signal when it comes to search engine results. This can give you the edge on competitors if they don’t have a certificate and you do.

Google goes on to confirm that if your site hasn’t deployed SSL, then your website’s credibility will also be affected.

Back in July 2018, Google began displaying a security alert, in the browser address bar of Chrome, for all sites that did not have SSL.

How much does it cost?

The cost of an SSL certificate will depend on your web host, who the certificate is purchased through and the type of certificate that they use. There are 3 types of certificates:

Single Domain: A certificate only valid for one domain
Multi Domain: Aka a Universal Communication Certificate (UCC). This secures multiple domain and host names within a domain name. This certificate is ideal for businesses that have more than one subdomain and websites for differing services, products or geographic locations.
Wildcard: This certificate type secures all subdomains that may exist for a single domain.

It is a good idea to consult your web host or IT department to ensure that you get the right certificate for your particular setup.

Switching from HTTP to HTTPS

Switching between the two protocols can be a finicky process. A few issues can potentially occur which is why you shouldn’t consider it a quick do-it-yourself process. This is what needs to happen to convert your site across:

  • Select your certificate.
  • Install the certificate on your site.
  • Update your site’s configuration to point to HTTPS instead of HTTP.
  • Redirect all pages of your HTTP website to your HTTPS site.
  • Re-verify your Google Search Console as HTTPS and update your sitemap location.
  • Update the settings of your Google Analytics property.
  • Test that your setup has been successful.

Your domain is not actually changing. Though the address to get there is. HTTP and HTTPS use two differing ports on a web host. Your traffic may drop as a result of the switchover as Google will need to reindex your website.

If there are marketing tools being used, or you run website ads, you’ll need to update the website there also. Even though HTTP will redirect into your HTTPS site, it’s best practice to update it as redirects otherwise slow the load time.

Securing your site with SSL

Securing your website with an SSL certificate is an absolute must if you seek to be competitive online. It is a way of establishing trust in your website and switching over sooner rather than later will be of benefit to your site.

SSL may also enhance your rankings through Google as they penalise sites that haven’t adopted the secure protocol.

Want to learn more about SSL? Contact us to discuss transitioning your website across to HTTPS.

Published on Thursday, 20 June 2019 under Support & Security.