You may have seen headlines recently about Google changes that mean ALL websites should be on an SSL connection.
Argh! Panic! Right?
Well, kinda, but probably not.
Here’s the Back Story:
SSL (or Secure Socket Layer) is essentially like an overlay to HTTP, the protocol that governs how information is transmitted between websites and users. It’s what it sounds like – a layer that makes HTTP secure. A website that uses SSL can usually be identified because the website address will begin with HTTPS rather than just HTTP.
Our sites use SSL because we collect membership information, and take transactions. Our badges are also SSL, because some of our users have SSL sites, and need to display the image securely.
In simple terms, SSL takes the data submitted by a user and encrypts it, and protects it during transport so it can’t be messed with. Your SSL certificate also helps protect users against being directed to duplicate, fraudulent copies of websites without knowing.
Back in 2014, Google announced that in an effort to make the Internet a safer place, they would start using SSL as a factor when calculating search engine results. And more recently, that they will add a feature to the Chrome icon that doesn’t just show a padlock when you’re visiting a secure website, but which shows a red cross when you’re visiting a non-secure site.
And here’s what it means:
Making the web more secure is a good thing. But most blogs DO NOT NEED SSL.
If you’re not collecting sensitive financial data, and the only information users are providing is an email address to comment, or join your mailing list, you probably do not need SSL to make your site more secure.
The reason you might WANT to implement SSL is because you think it will harm your search traffic if you don’t have it – or it might boost your traffic if you do.
Well, kinda, sorta.
Remember, SSL is just one potential aspect of search ranking. There’s also your site’s domain age, and inbound links, and mobile responsiveness, and page load time, and pop-up ads, and keywords – remember that SSL is just one part of this mix. For a very big site with millions of visitors, then a small bump attributed to SSL might be worth thousands of extra visitors per month – but for most bloggers, especially those just starting out – it’s unlikely to be a big deal.
There’s a caveat here, of course. Over time SSL might become a BIGGER deal in rankings, in which case, you might want to look again. But if the only reason you’re considering SSL right now is for traffic, then we’d suggest focusing on improving other aspects of SEO before going down the SSL road.
What if i Choose to Move to SSL?
Essentially, there are two key benefits to using SSL.
- A boost in search traffic through higher rankings (potentially)
- A more secure site for your visitors
If you feel that your site requires SSL for one of these reasons, then the very, very best option, which we recommend with ALL of our heart is to get your host to do the work for you. If you don’t have this option, hire a developer from PeoplePerHour. This isn’t a job for people who don’t love computers and messing around in WordPress files. So how do you go about it?
1. Buy an SSL Certificate
You can buy an SSL certificate from your domain for your hosting company. Some hosting companies are offering them for free at the moment, otherwise, expect to pay around £20 per domain for a domain validation SSL, perhaps a little more for an Organisation Validation SSL. The domain SSL is all you need for a non-transactional website, while the OV certificate covers most basic commercial sites.
2. Update your Site
Your hosting company should install the SSL for you. This means they handle all the messy business of creating URL maps and redirecting links – effectively when you use SSL you’re creating an entirely new copy of your site and redirecting all your old HTTP pages to the new HTTPS pages. Ideally you also want to update all your internal links so they point to the new HTTPS pages, too. Oh, and you’ll need to update image links and stylesheets, too. And you’ll want to make sure any ad networks you’re working with support SSL (most do).
Like we said – messy.
If you’re using WordPress it is entirely possible for you to add 301 redirects to your .htaccess file but if you’re the sort of person who just read that sentence and seriously considered hiding under the desk, GET YOUR HOST TO DO IT FOR YOU. Or pay someone from PeoplePerHour. This is not the sort of job non-tech-enthusiasts should be bothering with, in our humble opinion.
3. Get Google to Crawl your New Site
Now you have an effectively new site, you want Google to crawl it and re-index it, to ensure your search traffic isn’t impacted.
You’ll want to add it as a new site and if you use Webmaster tools, submit a new site map as soon as possible. Make sure your Analytics code is also updated.
4. Test your Site
After a few days, you’ll probably want to test the SSL is installed correctly (again, your host is the best person to do this) and ensure all content is being indexed correctly. If it isn’t, you’ll need to work through the installation process again – we strongly recommend asking your host to do this for you if at ALL possible.
Have you made the move to SSL? Got any questions? Let us know in the comments.