Skip to main content

Why If You Don't Have SSL for Your Website You Need to Fix it NOW!

Picture of Mike Del Cuore
Mike Del Cuore
7 min read

Secure Site

Why you need an SSL Certificate 

You may have been browsing the web and come across a site where you noticed a little lock in the address bar. Or that some websites have HTTPS and some have HTTP. Well, what you’re witnessing is the difference between a secure site and a non secure site. Now the non secure site may be perfectly harmless to your computer. The difference is that the HTTPS site has taken some steps to add an extra layer of security. You should always make sure a website you enter your personal or financial information on has HTTPS otherwise you risk having that information stolen without you even knowing. So what is HTTPS? That is what a website has when it is using an SSL Certificate.

What is an SSL?

SSL stands for (Secure Socket Layer) and is the standard security protocol in the web industry. Websites that use SSL must have what is known as an SSL Certificate. This is a validation token of your website that typically contains your standard business information like name, address, etc. Having one allows your website to have a secure connection with the end user. SSL.com explains:

[SSL is] standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.

This is especially helpful for eCommerce websites or any website that uses sensitive information from credit cards, bank account, social security and more. However, due to recent changes with Google, more and more informational sites are acquiring SSL certificates for their sites as well. More on that later. So how do you get an SSL certificate?

How do you get SSL?

How you acquire an SSL Certificate depends on how your website is hosted. If you are hosting your own website on your own server, you will need to generate a certificate signing request (CSR). A CSR is some information that is stored on your server. This is sent to a Certificate Authority who will review and verify your information before issuing your certificate. Fortunately, if you host your site with a large hosting provider such as Go Daddy, HubSpot, Network Solutions, etc. then your hosting company makes it much easier for you to acquire an SSL. Many companies even provide one free with certain subscription levels. See below for links to instructions for acquiring an SSL with the major hosting providers:

Why is an SSL important?

When you visit a website, information is sent from your computer to a destination server to and then replied back to your computer. Any other computer between you and the server can see this information if it is not encrypted. This is where an SSL comes in. When you encrypt the information sent between your computer and the server, it becomes unreadable to anyone other than the intended parties. This provides a level of confidence to your users and peace of mind knowing that sensitive information reaching your site will not fall into the wrong hands.

Another reason having an SSL is important is due to a 2014 update to the Google ranking algorithm. In part, this is to encourage an “HTTPS EVERYWHERE” agenda from Google. They said in their release:

For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

Although they consider it a “lightweight signal” any SEO analyst can tell you that any advantage you can utilize in the optimization of your site should be taken advantage of. In fact, since then Google has held true on their promise to strengthen it. As 2015 was wrapping up, industry professionals were that HTTPS would be even more important heading into 2016. Radomir Basta of FOURDOTS.COM predicted

With HTTPS becoming a more relevant search ranking factor, getting a SSL certificate and its proper implementation are a greater imperative for webmasters in 2016.

Things to consider with SSL

If you are implementing SSL on an existing site, there are some things you should be aware of and plan for before switching to HTTPS.

  • Design Credibility – The CSS and Java Script of the site must be redirected from HTTP to HTTPS. If you have hard coded image paths such as http://www.domain.com/folder/file.jpg then you will need to manually change http to https for every instance throughout the site. Failing to do so will result in broken images not showing up, pages not displaying correctly and overall design / layout issues will appear immediately as soon as it is connected. To avoid this, it is best practice to use relative paths when linking on the page and building CSS / JS. Using the above example, the link is formatted like /folder/file.jpg. A relative path assumes the primary domain of the site and updates automatically when HTTPS is activated.

Redirect– You want to make sure you implement a redirect code for any possibly traffic that is sent directly to HTTP. This will help retain all traffic that might be lost once the HTTP version of the site is gone. Jeewan Thapa suggested this and provided an example redirect code in this Linked In post:
Make sure the redirect code is  in place in config or htaccess depending on type of  development platform you are using. Here is a redirect code snippet for web.config:

<rule name="HTTP to HTTPS redirect" stopProcessing="true">
 <match url="(.*)" />
  <conditions>
   <add input="{HTTPS}" pattern="off" ignoreCase="true" />
  </conditions>
 <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>

Another option is to set up a 301 redirect with your registrar. The process is slightly different depending on which registrar you use, but the overall goal is the same. You’ll want to make sure you redirect or forward the non www secure domain to the www secure domain. That way any potential user will reach the site without issue.

 

All in all it is widely believed that every site should use SSL. Now there are more and more incentives for this to become a reality. But as a website owner, you shouldn’t let the mystery of SSL discourage you from investing in securing your site. What can be a fairly small investment on your end has tremendous benefit to you as the website owner as well as your customers. Although it may be pretty complex in certain scenarios, there is a plethora of resources to assist with purchasing and implementing an SSL certificate. Utilizing your hosting provider support resources will help answer many questions and often take many steps out of the process, making it easier on you the business owner. 

Website Redesign