What is an SSL certificate?
Before we tackle those questions, let’s cover the basics. SSL certificate stands for Secure Sockets Layer, a security method that allows for the encryption of data when being transferred over a server. SSL certificates help to protect the transfer of sensitive information such as credit card numbers, passwords and usernames, Social Security numbers, and more.
How does it work?
SSL certificates utilize a public and a private key, which work together to establish an encrypted connection. Typically, data sent between a browser and a web server is sent as plain text, which can leave you vulnerable to hackers.
Why use SSL?
The benefit of using an SSL certificate is that it offers encrypted protection during the online transfer of sensitive information. (Indeed, you are required by the Payment Card Industry (PCI) to have an SSL certificate if you collect credit card information on your site.) SSL certificates can also help you gain your customers’ trust and protect against phishing schemes.
Additionally, Google now provides a slight ranking boost to websites using HTTPS. Technically, Google still only looks at the first five characters in the URL, meaning that your site could leverage the HTTPS protocol without a valid certificate in place and still receive a ranking boost. However, as Google’s Gary Illyes suggested, more stringent checks will eventually be put into place.
Choosing a certificate.
Choosing an SSL certificate can be complicated since not all providers offer all the same certificate types. To simplify the process, you can refer to the table below, which outlines the certificate offerings from six of the major SSL providers. If you plan to stick with the same SSL provider for more than one year, you can often receive a substantial discount if you pay for two or more years upfront.
Purchasing through a third-party reseller tends to be the cheapest option — the only caveat being the quality of customer assistance you may receive.
How to choose a certificate:
Identify the property types you wish to protect (domain, sub-domain).
Identify if you need protection for a single property or multiple properties (wildcard or multiple domains).
Then, decide which level of protection you need.
domain-validated — LOW
organization-validated — MEDIUM
extended validation — HIGH
What type of SSL certificate works best?
Companies offer a myriad and confusing array of SSL certificates. The two primary ones to pay attention to are:
Standard Validation SSL – Standard level of validation. Typically cost between $0-$100.
Extended Validation SSL – Offers the highest level of validation and often costs between $100-500.
SEO advantages of switching to HTTPS
In addition to the security offered by HTTPS, there are additional SEO benefits for marketers to take advantage of.
1. More referrer data
Whenever traffic passes from a secure HTTPS site to a non-secure HTTP site, the referral data gets stripped away. This traffic shows up in your analytics report as ‘Direct.’ This is a problem because you don’t know where the traffic actually comes from.
If you use HTTP, traffic from sites like Hacker News shows up as ‘direct’, because Hacker News uses HTTPS.
Fortunately, there’s a simple solution: when traffic passes to an HTTPS site, the secure referral information is preserved. This holds true whether the original site uses HTTP or HTTPS.
As more and more sites make the switch, this becomes increasingly important.
2. HTTPS as a rankings boost
On one hand, Google has confirmed the ranking boost of HTTPS. On the other hand, with over 200 rankings, it’s likely you’ll find the effect of any ranking influence to remain quite small.
In fact, a recent study by Search Metrics showed no detectable advantage to sites using HTTPS. Like most ranking signals, it is very hard to isolate on its own. In fact, don’t expect HTTPS to act as a silver bullet. If rankings are your only concern, there are likely dozens of things you can do that will have a bigger impact.
3. Security and privacy
Many people argue that HTTPS only provides an advantage if your site uses sensitive passwords. That’s not exactly true. Even regular boring content websites can benefit from HTTPS / SSL encryption.
HTTPS adds security in several ways:
- HTTPS verifies that the website is the one the server it is supposed to be talking to,
- Because HTTPS prevents tampering by 3rd parties, it stops Man-in-the-middle attacks, making your site more secure for visitors.
- HTTPS encrypts all communication, including URLs, which protects things like browsing history and credit card numbers.
The advice is this: Make the switch to HTTPS is reasonable for your business. Security and trust add to the small ranking gains, making it worth the effort if you can.