SSL certificates have become the standard method of securing internet connections to safeguard any sensitive data (such as personal or financial information) sent between two systems. The connections being secured could be between a server and a user’s browser, or between two servers.
An SSL certificate (which stands for Secure Sockets Layer) does this by encrypting the data moving between these systems, to prevent malicious individuals from being able to intercept it. TLS (Transport Layer Security) is simply an updated version of SSL.
If an SSL certificate covers a website, its URL will contain “HTTPS” (Hyper Text Transfer Protocol Secure) as opposed to simply “HTTP”. On the left of the URL, there will be a lock symbol in the address bar that users can click to view certificate details.
If you don’t have an SSL certificate, your website does not use a secure protocol. Without one, your precious traffic will gradually dwindle to nothing. Why?
New versions of some popular browsers now alert (spook) users when they land on a website that collects user information (for example, through your contact form), but does not use a secure protocol to transmit that information to the host server of your website. These warnings can range from displaying a red warning in the address bar, to the browser outright blocking a user from accessing the site.
You might object: “But we don’t collect any sensitive personal or financial data!” Frankly, browsers don’t care whether the information collected is sensitive or not. And in this day and age, even seemingly benign information such as email addresses and phone numbers should be considered sensitive (bad guys can initiate password reset requests and the like, just by using a few pieces of such personal information they collect over an unsecured protocol).
Now, if that’s not convincing enough of an argument for you, consider that there is a correlation between websites appearing on first page of Google and using a secure protocol. Google and other major search engines openly encourage websites to use HTTPS and publicly state that doing so will result in a small boost in rankings.
While migrating to HTTPS is not free (and can cause minor disruptions with rankings and traffic if not diligently planned and executed), it is well worth the investment to have a long-term healthy strategy.
- Request to register a “wildcard” certificate, as this type will cover all your subdomains (e.g. www.domain.com, subdomain.domain.com etc.).
- Purchase a 2048-bit encryption certificate as recommended by Google.
- Purchase the longest possible renewal term to signal stability to search engines. Yearly updates to the certificate will be included in this cost.
Ali Kouros is the co-founder of MetaMed Marketing and leads operations, engineering, productions, and practice marketing for the company.