+44(0)1633 276003 [email protected]

SSL security trust mark“Trust me.” That’s the most vital mes­sage any web­site can con­vey. Without trust, vis­it­ors just leave.

How­ever, most folks expect to be trus­ted, even when they’re wary about trust­ing oth­ers. Whilst that’s fine for deal­ing with folks in per­son, web­sites need to plan to build trust. We do that by provid­ing qual­ity con­tent, good ser­vice — and “trust marks” like testi­mo­ni­als, “About” pages, Pri­vacy Policies and oth­er reas­sur­ances.

Of course, search engines want to pro­mote qual­ity, trust­worthy sites, so many of these reas­sur­ances can be good for SEO, too. So online, trust doesn’t just enable sales — it act­ively increases sales.

…and Google just changed the game.

Google’s Great SSL Plan

So, as you may know, Google uses hun­dreds of sig­nals to assess the qual­ity and trust­wor­thi­ness of web­sites. It nor­mally keeps those sig­nals secret, to stop people try­ing to fake them, and pen­al­ises those who do. How­ever, in 2014, it con­firmed that sites using SSL secur­ity would get a boost in rank­ings. That boost is still cur­rently small, but is likely to get big­ger.

Now, before we go fur­ther, here’s all you need to know about SSL:

  • SSL stands for “Secure Sock­ets Lay­er” — that’s not import­ant, but it helps to trans­late acronyms, right?
  • It uses an “SSL cer­ti­fic­ate” to encrypt com­mu­nic­a­tions between a web­site and your com­puter
  • That encryp­tion keeps you safer, and improves the website’s secur­ity, too
  • Pages using SSL start with “https” instead of just “http” — and browsers add a closed pad­lock icon, too
  • Most SSL cer­ti­fic­ates also link a spe­cif­ic domain name to a spe­cif­ic web serv­er to con­firm the site’s iden­tity
  • Google doesn’t profit from this dir­ectly (e.g. by selling SSL). The goal is just to make the web a safer place, by gradu­ally encour­aging all web­sites to use SSL
  • Five gov­ern­ments (includ­ing the UK) cur­rently want to under­mine this sort of encryp­tion. I don’t want to get polit­ic­al here, but that is import­ant

Over the past year, you may also have seen “Not Secure” warn­ings on web pages that request pass­words or cred­it card info without using SSL. When Google Chrome star­ted that, oth­er browsers soon joined in. Now, from Octo­ber 2017, Google Chrome will extend that to pages that con­tain any kind of form without using SSL — even Con­tact and Search forms. Again, oth­er browsers are likely to fol­low suit.

One Step Forward…

So, more safety, more trust, more sales, bet­ter search pos­i­tion­ing… what could pos­sibly go wrong?

Well, provid­ing all that extra value costs money. SSL cer­ti­fic­ates vary in fea­tures and price, but most need to be renewed and rein­stalled annu­ally. The most secure cer­ti­fic­ates can dis­play a green bar in some browsers — but can also cost four fig­ures annu­ally. Most are far cheap­er, but still, it’s an extra expense.

Of course, cli­ents on my Busi­ness Host­ing Plus pack­age enjoy SSL secur­ity as stand­ard. Most host­ing ser­vices don’t include SSL by default, though. So, it can seem tempt­ing to remove a site’s Con­tact form to avoid the new “Not Secure” tag.

That would be a mis­take. Why?

It’s all about trust

A Con­tact form makes a web­site look more open and trust­worthy, even to vis­it­ors who would rather ring or send an email dir­ectly. For most small busi­nesses, the cost of the sales lost by that lessened trust would soon out­strip the cost of adding SSL to the site. That’s why secur­ity is an invest­ment, not a cost — it helps sites to make money.

On top of that, non-SSL sites are easi­er tar­gets for hack­ers, because inter­cept­ing unen­cryp­ted pass­words is easy. Being hacked usu­ally costs far more than an SSL cer­ti­fic­ate. So, try­ing to avoid the “expense” of SSL really is a very false eco­nomy.

Besides, as noted above, Google ulti­mately wants all sites to use SSL. So, it isn’t just pen­al­ising those that use non-secure forms. It is act­ively pro­mot­ing sites that use SSL. As more sites get on board with SSL, those that don’t will find it harder to com­pete.

Trust me on this.

This art­icle is part of a cyber­se­cur­ity series that began here. Don’t miss the next part! Use the form in the side­bar to sub­scribe to email alerts for new art­icles