Google changes on SSL website security and how it affects your business

In this article we hope to clear up some of the fog about recent Google changes affecting every business website out there – namely SSL. You will learn how Google are pushing security and encryption on the web, how it affects nearly every business along with why this should matter to your business. Finally, we hope to add some clarity as to what you can do about all of this.

First we will attempt to explain exactly what SSL is and why your business website desperately needs to have it.

[Update] – With the GDPR being enforced as of the 25th of May 2018 there is another reason to install SSL on your website and a very important one too. The GDPR requires a certain level of security being in place on your website to ensure a good standard of encryption, particularly if you are using contact forms. Please see our blog post on the GDPR and how it will effect you for reference.

Changes are afoot with Google (as ever)

Recently Google have been pushing website security envelope and trying to ensure that all websites serve encrypted information to their visitors. Encrypted pages keep any user input into search or text boxes along with the page content itself secure.

According to a recent HubSpot Research survey, 82% of respondents said that they would leave a site if they saw a “Not Secure” warning.

Does your website tell your audience that it is secure?

Very recently, one of the most prominent changes made by the big ‘G’ has been to their Google Chrome web browser (the most popular web browser currently available) where they have started serving a not-so-subtle notice to visitors browsing non-secure (read non-SSL) websites. This notice is probably the biggest single reason to upgrade your website to SSL as it WILL turn visitors away if the perception becomes that your competitors are secure and you’re obviously not.

Is any of this important?

These two factors – potentially improved rankings and visitor trust – are extremely powerful arguments in ensuring your website content is delivered via an SSL certificate.

I won’t go into detail exactly why website information should be encrypted, nor what can be done with the information if it is not encrypted (think fraud). There is plenty of information available out there to attest to the fact that it can be be bad, should a third-party choose to spy on sensitive information on your visitors interactions with your website.

In this case it’s the perception that your website is insecure that will be the important point for your users. Especially if they are browsing secure websites of your competitors. In this case your website will lack legitimacy and could appear to be fraudulent in of itself without SSL.

So, what is SSL?

SSL is an acronym for ‘Secure Sockets Layer’. It is also know as ‘Transport Layer Security’ which is a bit more descriptive in a technical way. Effectively, SSL ensures that any information shared from or to your website is encrypted. So, with SSL any information received by your website visitors and any information that they share with their interactions on your website will be encrypted. This protects your visitors from nefarious parties snooping and spying on them. It protects the the information they type into input boxes on your website (such as search boxes, contact forms etc.), and it ensures the data they browse in a login area as well as the website content in general is kept from prying eyes.

In order to deliver SSL on your website you will need to have an SSL certificate. This will need to be purchased or procured and your website will need to be associated with the certificate from a hosting level. Finally, all of the urls on your website will need to be switched over to https rather than tired old http.

How can I tell if my website has an SSL certificate?

Simply, is your website url something like http://www.yourdomain.com or is it something like https://www.yourdomain.com? What was the difference there? Did you notice the https in the latter example? Simply put that little s counts for a lot in terms of website encryption. That little s (as long as it is served by a genuine SSL certificate) determines whether your website can serve encrypted information to it’s visitors.

Do I really, REALLY need SSL?

In simple terms, right now the answer is most likely yes. However, very soon the answer will be unequivocally be a resounding yes! Most experts agree that Google will not stop here and will keep upping the pressure until absolutely every website is being delivered from behind SSL.

However, if you still want to be absolutely sure whether you really need SSL right now, you can ask two questions:

• Does your website take any form of user text input in terms of a search bar, contact forms, or login forms?
• Is your website using http:// in the address bar of the web browser?

If you answered ‘yes’ to both of the above questions, you absolutely should have SSL right away in order to prevent ‘Not Secure’ warning notices appearing in the web browser. Using SSL will remove these notices and ensure that any enquiry forms you have are more likely to be used (resulting in higher conversion rates).

If you’re still confused as to whether your website is serving encrypted pages properly, or the above seems too technical for you to answer right now, you can ask for a website review from us. We cover the essential question of SSL or not SSL as part of a full review and audit we do for website owners.
Find out more about our website reviews

Can I implement SSL myself without needing a developer?

Sorry, but the answer is yes and no and most likely no. If you have some technical competence on the web and can deal with hosting and domains, then the answer is a resounding yes. If not, them I’m afraid it’s a no, or at least a ‘best not’ for now.

To implement SSL on your website is far easier than it used to be. However, it can still be a real pain in the backside as it means that every page on your website and all images and urls must be changed from http to https.

Is an SSL certificate expensive?

Unfortunately, whilst there are cheap or even free providers of SSL certificates out there, there are costs associated somewhere along the line. Even should you manage to get a good free certificate, it will need to be frequently updated to keep it alive and current. So, whichever way you look there will be some cost or resource implications.

For a standard business website a premium level SSL certificate can cost you anywhere between £50 – £250 per year (as a rough guide). These will most likely need to be refreshed every year. There are free SSL providers, though, they need to be updated once every three months. As mentioned above, some resource/cost will be needed somewhere down the line.

Also, if your website is being delivered by really cheap hosting (less than £5 per month), you will most likely need an increase in server resources (it takes server resource to deliver encrypted pages). Thus, in this case you can expect to pay more for your hosting services too if you want a speedy website.

Someone told me that SSL is easy to implement, why are you saying that it’s not?

[rant]You’re more than welcome to listen to anyone and their dog who pushes out the usual dross about how easy everything is on the web, only to find out that due diligence matters here as much (if not more) than anywhere else. Simple mistakes can lead to no visitors or a defunct website.[/rant] Can you can tell I’m getting a little tired of this attitude 🙂

The facts are that EVERY url on your website needs to be changed. So, even if you can procure and setup an SSL certificate, implement it properly into your hosting layer and then change your content management system to see the new url structure, your job is still not done!

You have to make sure that every image (both delivered into and via the content on the website and through CSS etc.) and link is adjusted. If not you will again be warned of this by your web browser as the website will then be delivering some secure items (behind https) and some non-secure items (that are referenced through the old http). In that case you are serving ‘mixed content’ to your users and again their web browser will inform them that whilst some items on the page they are viewing are secure, some are not!

Our advice is simply to have your a reputable web company handle the SSL transition for you. They will charge for the service as when done properly, the process of migrating over to SSL will take them some time. However, I strongly advise in letting them take this over, otherwise it can easily end in tears.

Should I, shouldn’t I have SSL on my website?

If the answer isn’t a clear ‘yes’ by now I don’t know what I can do to convince you. This certainly isn’t some ploy or conspiracy to increase revenue. SSL is an important and necessary facility that your website should have as soon as you possibly can. It will ensure that you care about protecting your website visitors.

Using SSL on your website could also ensure that you take a lead ahead of your competitors for a little while. For example, there are a number of studies out there in the wild showing that an absolutely staggering number of websites that have still not been converted into using SSL. This is worrying, particularly in industries such as the legal professions for instance (you would expect them to take a lead in website security and encryption of information). Some studies are finding that over 80% of websites in those industries are NOT using SSL (you can do a Google search to verify this).

I’ll leave you with the above little gem of information. If you don’t want to ensure you are using SSL for your business to protect your users and portray a better image for your business, then, please at least think about how using SSL will enable you to differentiate yourself positively against that of your competitors, potentially joining or leading the pack.