+44(0)1633 276003 [email protected]

SSL security trust mark“Trust me.” That’s the most vital message any website can convey. Without trust, vis­itors just leave.

However, most folks expect to be trusted, even when they’re wary about trusting others. Whilst that’s fine for dealing with folks in person, web­sites need to plan to build trust. We do that by providing quality content, good service — and “trust marks” like testi­mo­nials, “About” pages, Privacy Policies and other reassurances.

Of course, search engines want to promote quality, trust­worthy sites, so many of these reas­sur­ances can be good for SEO, too. So online, trust doesn’t just enable sales — it act­ively increases sales.

…and Google just changed the game.

Google’s Great SSL Plan

So, as you may know, Google uses hun­dreds of signals to assess the quality and trust­wor­thiness of web­sites. It nor­mally keeps those signals secret, to stop people trying to fake them, and pen­alises those who do. However, in 2014, it con­firmed that sites using SSL security would get a boost in rankings. That boost is still cur­rently small, but is likely to get bigger.

Now, before we go further, here’s all you need to know about SSL:

  • SSL stands for “Secure Sockets Layer” — that’s not important, but it helps to translate acronyms, right?
  • It uses an “SSL cer­ti­ficate” to encrypt com­mu­nic­a­tions between a website and your computer
  • That encryption keeps you safer, and improves the web­site’s security, too
  • Pages using SSL start with “https” instead of just “http” — and browsers add a closed padlock icon, too
  • Most SSL cer­ti­ficates also link a spe­cific domain name to a spe­cific web server to confirm the site’s identity
  • Google doesn’t profit from this dir­ectly (e.g. by selling SSL). The goal is just to make the web a safer place, by gradually encour­aging all web­sites to use SSL
  • Five gov­ern­ments (including the UK) cur­rently want to undermine this sort of encryption. I don’t want to get political here, but that is important

Over the past year, you may also have seen “Not Secure” warnings on web pages that request pass­words or credit card info without using SSL. When Google Chrome started that, other browsers soon joined in. Now, from October 2017, Google Chrome will extend that to pages that contain any kind of form without using SSL — even Contact and Search forms. Again, other browsers are likely to follow suit.

One Step Forward…

So, more safety, more trust, more sales, better search pos­i­tioning… what could pos­sibly go wrong?

Well, providing all that extra value costs money. SSL cer­ti­ficates vary in fea­tures and price, but most need to be renewed and rein­stalled annually. The most secure cer­ti­ficates can display a green bar in some browsers — but can also cost four figures annually. Most are far cheaper, but still, it’s an extra expense.

Of course, clients on my Business Hosting Plus package enjoy SSL security as standard. Most hosting ser­vices don’t include SSL by default, though. So, it can seem tempting to remove a site’s Contact form to avoid the new “Not Secure” tag.

That would be a mistake. Why?

It’s all about trust

A Contact form makes a website look more open and trust­worthy, even to vis­itors who would rather ring or send an email dir­ectly. For most small busi­nesses, the cost of the sales lost by that lessened trust would soon out­strip the cost of adding SSL to the site. That’s why security is an investment, not a cost — it helps sites to make money.

On top of that, non-SSL sites are easier targets for hackers, because inter­cepting unen­crypted pass­words is easy. Being hacked usually costs far more than an SSL cer­ti­ficate. So, trying to avoid the “expense” of SSL really is a very false economy.

Besides, as noted above, Google ulti­mately wants all sites to use SSL. So, it isn’t just pen­al­ising those that use non-secure forms. It is act­ively pro­moting sites that use SSL. As more sites get on board with SSL, those that don’t will find it harder to compete.

Trust me on this.

This article is part of a cyber­se­curity series that began here. Don’t miss the next part! Use the form in the sidebar to sub­scribe to email alerts for new articles