Security, SSL and SEO: Does Your Coffee Shop Really Need a Bouncer?
Recently Google announced that sites using HTTPS would get a bit of an SEO boost, and the announcement prompted much discussion in the SEO world, as Google’s announcements generally do. Is this new development an opportunity for an easy increase in search ranking? Let’s talk about some of the basics: What is HTTPS and how do you get it? Why is it important enough to become a Google ranking factor? Is it worth getting simply for the SEO boost?
HTTP, the prefix that you see at the start of web addresses (also known as URLs), stands for hypertext transfer protocol, the system used to transmit information across the internet. You may have noticed that some web addresses begin with HTTPS instead. The ‘s’ stands for “secure” and is an indicator that the site is encrypted. Most browsers also show a visual cue when you’re visiting a secure site, such as a padlock in the address bar before the URL.
What makes a site secure? Where does that encryption come from? The key element is an SSL certificate, which needs to be purchased and then installed on a site in order to encrypt it. You will almost always see HTTPS and/or a padlock (or another visual indicator of security, depending on your browser) on sites where you make purchases or log in to manage an account. An SSL certificate is an absolute must-have on a site that is transmitting a user’s sensitive information. If you are entering in a credit card number, a social security number, a password, or any other similarly sensitive information, the encryption provided by an SSL certificate will ensure that your information will not be intercepted.
Secure is good, right? Shouldn’t every site be secure?
Security is great. Security is awesome. We’re all for security. But does everyone need the level of security provided by an SSL certificate? No. If your website is for informational purposes and doesn’t conduct sales transactions or ask users to input anything private, it’s unlikely that an SSL certificate is required.
To explain their reasons for giving sites with HTTPS a ranking boost, Google states that security is a top priority, and that they want to encourage and promote a safer internet. While this is a noble goal, a purely informational site running without SSL encryption likely isn’t compromising anyone’s safety. If you run such a site, you shouldn’t feel as though, by not having an SSL certificate, you are somehow failing to protect the security of yourself or your users. Likewise, if you visit a site and notice that it doesn’t have SSL, you have no reason to be concerned unless the site is asking you to log in, make a purchase or enter in private information.
I have had a few clients worry after typing “https” instead of “http” in front of their domain to view their website, which will result in a security error page if the domain is not encrypted. This isn’t cause for concern at all – you’re simply asking your browser to look for something that isn’t there, and the browser is informing you of this fact.
If Google wants me to have one, shouldn’t I get one?
When Google made its announcement about using HTTPS as a ranking symbol, do you know who was really happy about that news? Companies that provide SSL certificates. Many of the sites I’ve found touting the amazing SEO benefits of SSL certificates are – you guessed it – selling SSL certificates. In contrast, Google themselves said that HTTPS is “only a very lightweight signal” in their algorithms.
The cost of an SSL certificate can vary widely – you can find options that would cost anywhere from $50 to upwards of $1000 annually (not including additional costs incurred for installation and hosting expenses). The cost difference generally indicates the level of validation/verification that the issuer goes through – the issuers of high end certificates are not only providing a means for data encryption but validation of the company itself and its identity. Think of it as a background check for a website. This level of assurance is certainly important for some companies – before logging into a bank’s website, for example, a user would want to be certain that the site they were accessing had the highest level of security and trust available.
I’m not saying that you shouldn’t purchase an SSL, I’m just encouraging you to be realistic about the (likely extremely small) difference it will make in your rankings. If you’ve got a sizable budget for online marketing and SEO, and you’re already doing regular work – or hiring someone to do regular work – on optimizing your site, then maybe even a small boost is worth the cost to you. If that’s the case, you should go for it. I don’t know of any downside to having an SSL certificate other than the cost involved, it’s just that the cost may not be worth the benefit to all businesses.
If your business has a limited budget and adding cost to your website for a feature that you don’t genuinely need doesn’t appeal to you, don’t fret. When it comes to SEO, there is no one magic bullet. Choosing to pass on encryption is hardly going to be the difference between page one rankings and oblivion. Keeping your content fresh and relevant and spending a bit of time and effort on your online presence is likely to make much more of a difference than simply adding an ‘s’ to your URL.