“Trust me.” That’s the most vital message any website can convey. Without trust, visitors just leave.
However, most folks expect to be trusted, even when they’re wary about trusting others. Whilst that’s fine for dealing with folks in person, websites need to plan to build trust. We do that by providing quality content, good service — and “trust marks” like testimonials, “About” pages, Privacy Policies and other reassurances.
Of course, search engines want to promote quality, trustworthy sites, so many of these reassurances can be good for SEO, too. So online, trust doesn’t just enable sales — it actively increases sales.
…and Google just changed the game.
Google’s Great SSL Plan
So, as you may know, Google uses hundreds of signals to assess the quality and trustworthiness of websites. It normally keeps those signals secret, to stop people trying to fake them, and penalises those who do. However, in 2014, it confirmed that sites using SSL security would get a boost in rankings. That boost is still currently small, but is likely to get bigger.
Now, before we go further, here’s all you need to know about SSL:
- SSL stands for “Secure Sockets Layer” — that’s not important, but it helps to translate acronyms, right?
- It uses an “SSL certificate” to encrypt communications between a website and your computer
- That encryption keeps you safer, and improves the website’s security, too
- Pages using SSL start with “https” instead of just “http” — and browsers add a closed padlock icon, too
- Most SSL certificates also link a specific domain name to a specific web server to confirm the site’s identity
- Google doesn’t profit from this directly (e.g. by selling SSL). The goal is just to make the web a safer place, by gradually encouraging all websites to use SSL
- Five governments (including the UK) currently want to undermine this sort of encryption. I don’t want to get political here, but that is important
Over the past year, you may also have seen “Not Secure” warnings on web pages that request passwords or credit card info without using SSL. When Google Chrome started that, other browsers soon joined in. Now, from October 2017, Google Chrome will extend that to pages that contain any kind of form without using SSL — even Contact and Search forms. Again, other browsers are likely to follow suit.
One Step Forward…
So, more safety, more trust, more sales, better search positioning… what could possibly go wrong?
Well, providing all that extra value costs money. SSL certificates vary in features and price, but most need to be renewed and reinstalled annually. The most secure certificates can display a green bar in some browsers — but can also cost four figures annually. Most are far cheaper, but still, it’s an extra expense.
Of course, clients on my Business Hosting Plus package enjoy SSL security as standard. Most hosting services don’t include SSL by default, though. So, it can seem tempting to remove a site’s Contact form to avoid the new “Not Secure” tag.
That would be a mistake. Why?
It’s all about trust
A Contact form makes a website look more open and trustworthy, even to visitors who would rather ring or send an email directly. For most small businesses, the cost of the sales lost by that lessened trust would soon outstrip the cost of adding SSL to the site. That’s why security is an investment, not a cost — it helps sites to make money.
On top of that, non-SSL sites are easier targets for hackers, because intercepting unencrypted passwords is easy. Being hacked usually costs far more than an SSL certificate. So, trying to avoid the “expense” of SSL really is a very false economy.
Besides, as noted above, Google ultimately wants all sites to use SSL. So, it isn’t just penalising those that use non-secure forms. It is actively promoting sites that use SSL. As more sites get on board with SSL, those that don’t will find it harder to compete.
Trust me on this.