I’ve written before about how to hacker-proof your website, but in the title of this article, I’m not asking about keeping the bad guys out. I’m talking about your security certificate for your website. Does your website use an SSL (Secure Sockets Layer) certificate to encrypt the connection between your visitor’s browser and your web server? You can tell if your web address starts with https: instead of http:, and you have a green padlock like this:

ssl-example

Why Is It Important to Be Secure with SSL?

First a little background. The SSL certificate is a special set of files you place on your web server, and once configured properly, the SSL (Secure Sockets Layer) establishes an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private.

If you’re doing any type of credit card processing on your site, you’re required to have an SSL certificate installed so credit card data isn’t transmitted across the internet unencrypted. Someone watching the traffic, could catch that data and steal it.

But if you’re not doing any credit card transactions, why would you take the time to have an SSL certificate installed? There are a few reasons:

  1. Every time you log into your admin console for your website’s content management system (CMS), you’re transmitting your user id and password back to the web server for validation and to allow you to log in. Again, someone watching the traffic could grab that data, giving them access to your website.
  2. Google wants user’s experience to be good, and they are encouraging websites to use an SSL certificate to encrypt all data. They have said that it is a ranking signal to the search engine, and can boost a site slightly in the search results.
  3. My personal feeling is that it gives a bit more trust to a website. The more  your visitors trust your website, and by extension, you, the more likely they are to do business with you.

The Disadvantages to Using SSL

As with every positive, there often is a negative, and in the case of setting up SSL on your website, there are a couple:

  1. You’ll take a slight speed hit on your website performance, because every web page request has to be encrypted and decrypted on each end. So the data your website is sending back to the user’s browser has to be encrypted first, then transmitted, then the browser has to decrypt the data before it can be displayed. Google wants fast websites, so converse to the slight boost from having an SSL certificate, you’ll get a small hit on performance.
  2. You have to buy the certificate which can run several hundred dollars depending on the type you get. You have to renew it every 1-3 years as well, so it’s an ongoing cost.
  3. Configuration can be a bit of a challenge. When I decided to set mine up, it was a technical process that isn’t for the faint of heart, and I had to involve the techies at my awesome hosting company, WPEngine (they really helped me through it!)

Furthermore, if you don’t quite get it all set up correctly, you’ll end up with something that looks like this:

ssl-bad-example

Note that this website has the https: meaning they have the certificate properly installed, but they haven’t configured their website to fully serve up secure content. See that there’s no green padlock? That’s the symptom. Most browsers like Chrome and FireFox will block the insecure content even though the certificate is there.

Did the SSL Help My SEO?

When Google announced a couple years ago that they wanted to see SSL certificates installed on websites, a lot of SEO pundits were screaming that everyone has to get it done because it’s a ranking signal. Well, yes and no. It’s a small signal, and probably won’t make or break your site’s SEO performance. My organic traffic did see a modest 5% increase with the last month over the previous month, but I can’t say I can attribute it directly to the certificate. It could just be noise in the data too.

I’m glad I did it, and I notice that most of my competitors haven’t done it yet, so maybe it’s giving me a little bit of a leg up on them.

I’ll write a step-by-step article soon on the process to actually get your site set up with SSL, but be prepared, because it is a bit of a process that you’ll need some technical skills and patience to go through it. More soon!

Have you installed and configured SSL on your site? If so, what was your experience? Tell me in the comments.