Have you ever wondered why some websites start with “http://” while others start with “https://?” Or maybe you’ve noticed a little padlock in your browser next to the website URL and wondered what that meant.
What is that little “s” and what does it mean? The “s” denotes a secure connection between your browser and the web server. Simply put, that particular website is secure so your information doesn’t end up in the hands of a hacker.
What Is SSL?
“Secure Sockets Layer” or SSL, is a technology that establishes an encrypted link between your browser and the web server, ensuring all information passed between you and said server remains private.
Let’s break that down for anyone still scratching their head a little. Imagine you’re nearing the finish line of your first marathon. You’re 10 feet away from being the first person across the finish line, when out of nowhere, someone goes flying past you to steal that glorious trophy. Only, replace that guy with a hacker and that trophy with your credit card information.
How do hackers get this information? They place a small, undetected “listening” program on the server and wait for their prey. That bug waits until a user starts typing information on the website and captures that information to send it back to the hacker. When you visit a website encrypted with SSL, a secure connection is established with the server. This connection binds your browser and the server so nobody besides you and the website you are submitting information to can see or access the information you have typed in. This requires no action on your part; simply visit a site with an SSL certificate and the rest handles itself.
Does SSL Impact SEO?
While its main purpose is to secure your information, it’s no secret that SSL could help your search rankings. As part of their effort to make the internet more secure, Google has included SSL as one of the many signals in their search ranking algorithm.
Do I Really Need An SSL Certificate For My Website?
This isn’t a black and white issue.
Are you selling products?
If you run some type of e-commerce directly on your site, the answer is yes. Why? Have you ever abandoned a shopping cart because you didn’t feel comfortable typing in your credit card information? Well, there is part of your answer. Most importantly, you don’t want to pull a Target and allow your customers information to be stolen. If you use a third party like PayPal to process payments, you will not need a certificate because customers are not paying you directly. In this case, sites like PayPal will have their own certificate.
Do you have a membership on your site?
Whether it’s free or paid, it might not be a bad idea. Again, i’ll go back to that whole keeping-your-customers’-information-secure thing. Even if it’s a free membership, customers are still giving you their email address, password, maybe even other personal information. This is information that can easily allow hackers access to other accounts because even though we shouldn’t, plenty of people use the same password on multiple accounts.
Are you collecting sensitive information via forms?
Again, probably not a bad idea. You might be surprised how much information you actually collect about your customers. Note that having SSL does not mean you’re HIPAA compliant; this is a whole other beast. Google Apps offers a HIPAA compliant service as well as many other third party apps.
Is your website pretty basic or just a blog?
Probably not. If you aren’t collecting information from your customers, or even if you have some simple contact forms, it might be more hassle than it’s worth. If you use any apps on your site (like a social share counter) that pulls data from another site, it probably won’t work after you initiate SSL. Take for example ROI Online’s site. We used Box to house some rather large photo files. When we made the switch to SSL, those images were no longer being pulled in because they were not housed on a secure server.
Pros & Cons Of SSL
- Protection from scams like phishing
How Can I Get SSL On My Website?
So you’ve considered your options and decided to move forward. Great! First you’ll need to figure out which domains you need to secure and which type of certificate you need. Check out sites like Globalsign and GeoTrust for more information. Do you happen to host your website in HubSpot? Good news! HubSpot is rolling out a free and easy to use tool that lets you enable SSL with one click and a few domain record changes.