SSL and how it affects your business

Everybody has likely noticed that little green padlock in the URL bar of websites we visit, or maybe more accurately you’ve noticed the slightly more obtrusive “Not Secure” text when it is missing. That padlock comes from an SSL certificate, and it is not just there as eye candy. It actually means something important for anybody using a site that has one installed on it.

SSL is an encryption technology that secures the communications that happen between your site and your customer’s computer when they visit your website. When a customer tries to load up a website or submits information into a form on your website, they are initiating a data transfer call between their computer and the server providing or receiving the actual data. Encryption wouldn’t be necessary if they were physically directly connected to your server, but the reality of the web is that there are no direct connections occur between customer devices and servers.

Customer information requests and transmissions must traverse through various third-party data infrastructure including various internet service providers, routers, switches, wifi access points, cell towers, etc.  Each of these points that data crosses along becomes a potential data breach liability for unencrypted traffic. If the information is unencrypted anybody along the transmission path can see the contents of that information traffic plain as day. SSL cuts out the risks those intermediary destinations pose by jumbling that communication into nonsense while it is traveling through the various networks so that it can only be decrypted by the customer’s computer and the business’s server.

It used to be true that if you weren’t selling or collecting any data on your site it didn’t hurt anything to skip the SSL certificate, but that ship has sailed. EVERYONE needs an SSL certificate if they don’t want to deliberately sabotage their own SEO efforts and subsequent search engine ranking positions. Google now prioritizes sites with SSL higher in search rankings and penalizes sites without an SSL Certificate.

Why does Google Care about this?

Google cares about SSL on sites because they are in the business of delivering the very best search results they can muster. They have factored security into this equation because ultimately a secure website is going to deliver the best experience to their end customer, their searcher. Google’s end product is the search results it delivers, and it makes sense that as a business that serves their search customers with their product of search results,  they would prioritize a secure experience as the best option for their customer.

Where do you get an SSL Certificate?

You can get an SSL Certificate from almost every hosting company out there. Our own company sells SSL certificates here. There are even some places that will issue a basic SSL certificate for free, but it is important to note not all SSL Certificates are the same. They all put that nice little green padlock in the corner of your website browser, but they also all have different features, and different costs depending on the kind you choose, so if you aren’t 100% sure about them, it is worth having a conversation with us or somebody you trust who can help you choose and install the right one for your company.

Deploying an SSL Certificate Correctly

After you get an SSL certificate and install it, you need to make sure that you redirect all inbound web traffic to only the HTTPS version of your site, because if you don’t Site Visitors & Search engines will be able to access both the HTTP ( non secure version) and HTTPS (secure version) of your site, and that is not a good thing. Without redirection, you’ll have a duplicate content issue, which is an SEO “no-no”. Essentially from a search engine’s perspective, there would now be two different versions of your site out in the wild. They each will feature all the same content, and search engines hate duplicate content and will penalize you for it by downgrading your Search Rankings.

There are a few ways to handle redirection. If you are confident and proficient in web server administration you might choose to edit your .htaccess file in your site’s root folder to configure a rewrite rule that forces all traffic to HTTPS by adding the following before any other rules in your .htaccess file.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

Remember to back up a copy of your original unedited .htaccess file before you modify it, so if you screw it up, you have an easy path back to recover.  If you use the example code above, replace example.com with your domain name that you’re trying force to https. Additionally, you need to replace www.example.com with your actual domain name as well.

If you are running a WordPress site, you might consider installing the plugin Really Simple SSL to accomplish the force to HTTPS. It is one of our favorite plugins to accomplish this and does a great job redirecting everything to https on a pretty minimally invasive code footprint. It’s free, and a ton of people use and trust this plugin as well.

Always Good to Check

If you already have an SSL certificate installed on your site, the easiest way to check that it is doing what it is supposed to be doing is to load up your site and look at the full web address that comes up when the page loads. If it shows the lock icon in green or reads secure, and starts with HTTPS://, it is working, but to really make sure that you got the rest of the configuration correctly, delete the “S” off the HTTPS at the beginning of the web address and see if you can load your site under just the HTTP web address. If it lets you load the HTTP version we have a problem, but if it pulls back up and changes the web address back to HTTPS you are in the clear. Sometimes there are situations where HTTPS is enabled, but certain resources are being served over HTTP, and that will cause your padlock to display, but show a warning. If this is the case, an awesome free resource to help you figure out what is going on with your SSL is https://www.whynopadlock.com. They have a great diagnostic tool that will tell you everything you need to know to solve an SSL fault issue.

If you have questions about this stuff or know that you want help with it, don’t hesitate to message or call us, we are always here to help.