“Trust me.” That’s the most vital message any website can convey. Without trust, visitors just leave.
However, most folks expect to be trusted, even when they’re wary about trusting others. Whilst that’s fine for dealing with folks in person, websites need to plan to build trust. We do that by providing quality content, good service – and “trust marks” like testimonials, “About” pages, Privacy Policies and other reassurances.
Of course, search engines want to promote quality, trustworthy sites, so many of these reassurances can be good for SEO, too. So online, trust doesn’t just enable sales — it actively increases sales.
…and then Google changed the game.
Google’s Great SSL Plan
As you may know, Google uses hundreds of signals to assess the quality and trustworthiness of websites. It normally keeps those signals secret, to stop people trying to fake them, and penalises those who do. However, in 2014, it confirmed that sites using SSL security would get a boost in rankings. That boost is still currently small, but is likely to get bigger.
SSL certificates encrypt data between the user’s browser and the server, which is crucial for protecting sensitive information. This encryption ensures that data, such as login credentials and credit card numbers, cannot be easily intercepted by cybercriminals. Encryption is not just about privacy; it also serves as a foundation for identity verification and trust. By using SSL, businesses can significantly reduce the risk of data breaches, thereby protecting both the users and the reputation of the website.
Since 2015, Google has defaulted to HTTPS for all its products, reinforcing its stance on security and data protection. By marking non-HTTPS sites as ‘Not Secure,’ it has set a clear precedent for online safety. This move is part of Google’s broader strategy to promote a secure internet environment and to give users confidence in the sites they visit. Websites that embrace this shift benefit from enhanced visibility in search engine results, which directly aids in building user trust and boosting engagement.
Now, before we go further, here’s all you need to know about SSL:
- SSL stands for “Secure Sockets Layer” – that’s not important, but it helps to translate acronyms, right?
- It uses an “SSL certificate” to encrypt communications between a website and your computer
- That encryption keeps you safer, and improves the website’s security, too
- Pages using SSL start with “https” instead of just “http” – and browsers add a closed padlock icon, too
- Most SSL certificates also link a specific domain name to a specific web server to confirm the site’s identity
- Google doesn’t profit from this directly (e.g. by selling SSL). The goal is just to make the web a safer place, by gradually encouraging all websites to use SSL
- Five governments (including the UK) currently want to undermine this sort of encryption. I don’t want to get political here, but that is important
You may also have seen “Not Secure” warnings on web pages that request passwords or credit card info without using SSL. When Google Chrome started that, other browsers soon joined in. In October 2017, they extended that to pages that contain any kind of form without using SSL — even Contact and Search forms.
One Step Forward…
So, more safety, more trust, more sales, better search positioning… what could possibly go wrong?
Well, providing all that extra value costs money. SSL certificates vary in features and price, but most need to be renewed and reinstalled annually. The most secure certificates can display a green bar in some browsers – but can also cost four figures annually. Most are far cheaper, but still, it’s an extra expense.
Of course, clients on my Business Hosting Plus package enjoy SSL security as standard. Most hosting services don’t include SSL by default, though. So, it can seem tempting to remove a site’s Contact form to avoid the new “Not Secure” tag.
That would be a mistake. Why?
It’s all about trust
A Contact form makes a website look more open and trustworthy, even to visitors who would rather ring or send an email directly. For most small businesses, the cost of the sales lost by that lessened trust would soon outstrip the cost of adding SSL to the site. That’s why security is an investment, not a cost – it helps sites to make money.
Research has consistently shown that the presence of an SSL certificate can boost a website’s conversion rates. Online shoppers are more inclined to purchase from a site they perceive as safe. In fact, a Shopify report highlights a noticeable increase in completed transactions when users see the padlock icon. This implies that the modest investment in SSL not only protects data but also enhances the economic performance of a website by encouraging customer trust and loyalty.
On top of that, non-SSL sites are easier targets for hackers, because intercepting unencrypted passwords is easy. Being hacked usually costs far more than an SSL certificate. So, trying to avoid the “expense” of SSL really is a very false economy.
Besides, as noted above, Google ultimately wants all sites to use SSL. So, it isn’t just penalising those that use non-secure forms. It is actively promoting sites that use SSL. As more sites get on board with SSL, those that don’t will find it harder to compete.
Trust me on this.