Skip to Main Content

Navigation

Minneapolis 2470 University Ave W
St Paul, MN 55114 (651) 646-0696

New York City 1216 Broadway, 2nd Floor
New York, NY 10001 (929) 322-4971

Why Your Website Needs an SSL Certificate TODAY

Is your website secure? Do your visitors feel comfortable and confident using your website? Securing your website with an SSL certificate is now more important than ever, and if your website isn’t configured to use SSL encryption it’s time to get it done!

In this article, we will summarize just what SSL and HTTPS are, and why they have become so important for every website. Then we’ll show you how to ensure that your website is secure by working with your web design company to make this process as painless as possible.

Does My Website Need SSL?

What is HTTPS and SSL?

For as long as I can remember, every browser has shared one universal piece of functionality – the location bar. This is where you can enter the web address (URL) of any web page you want to visit, and where the browser displays the URL of the page you are currently viewing.

Many people are familiar with the http:// that often precedes a web address, but more and more often we don’t need to type that in. Some browsers don’t even display this part of the URL anymore (Apple’s Safari, for example), but clicking the address will display the complete URL. Take a look at the top of your web browser window. The web address should start with https:// signifying that this web site is “secure.” But what does this really mean?

HTTP vs. HTTPS

Without getting too technical, HTTP is simply an abbreviation that signifies how your browser communicates with the website – Hypertext Transfer Protocol. With HTTP, information that visitors provide to a website – such as loading a web page, performing a search, filling out a contact form, or even logging in with a username and password – is transferred from the web browser to the server just as it was entered: in plain, readable text. This introduces several key security issues, but HTTPS extends the HTTP protocol with additional secure functionality to address these issues.

HTTPS/SSL Authentication

Authentication

While a website might LOOK legitimate, there is really no way of knowing that you are providing that information to someone you can trust. You may have heard of “phishing” attacks, where an attacker might create a website masquerading as another to trick visitors into giving them sensitive information.

For example, an attacker intending to steal the login information for bank customers might create a website design that looks identical to wellsfargo.com, but it’s actually a different website at welllsfargo.com (with an extra lowercase "l"). Aside from looking closely at the URL, there is almost no way to tell that this website is stealing your password. HTTPS enables the browser to verify the identity of the website through a system of trust and verification.

HTTPS/SSL Data Integrity

Data Integrity

The information passed between these two trusted parties travels through many different devices before arriving at the intended destination. In order to be able to maintain this trust, it’s important to be confident that this information hasn’t been changed or tampered with. An attacker that was able to alter communications en-route could conceivably inject malicious code to steal sensitive information, or plant a virus on a user’s computer. The encrypted HTTPS connection ensures that data has not been modified in transit between the browser and the website.

HTTPS/SSL Encryption

Encryption

Lastly, it’s not only important that the information hasn’t been changed, but also that it remains private. Users must be confident that sensitive data like passwords and credit card information can only be seen by the intended recipient. SSL encryption ensures that once you are communicating with someone you can trust, the information passed between you cannot be read by someone else along the way.

SSL Certificates

This verification and encryption relies on a “certificate.” When a user visits a secure website, the browser silently downloads a certificate and verifies that the certificate comes from a trusted third-party company. If the certificate is valid and trusted, further communication takes place within the secure encrypted connection.

When website owners purchase an SSL certificate, they are doing so in order to have these trusted organizations “vouch” for their organization and their website. These organizations take various measures to verify the legitimacy of a website or business before issuing the certificate and pass along their trusted status to the website owner.

Why does MY site need SSL?

Not so long ago, SSL certificates were typically reserved for use on websites that asked for sensitive information – things like passwords, credit cards, or social security numbers. Purchasing an SSL certificate was challenging and required lots of verification. Installing and configuring an SSL certificate was tedious and time-consuming. Understandably, many organizations opted not to use SSL on their websites.

But as technology became more sophisticated, so did the attacks and security breaches. Information that was not considered sensitive before was being used in new ways to steal credit cards, hijack account passwords, and compromise identities. Shady advertising got aggressive and began hoarding personal information and infringing on privacy. So organizations begin implementing SSL more broadly in order to regain trust and show customers that they care about their privacy and personal information.

Today, users are more aware of their personal information than ever before, and they can be skeptical of organizations that don’t prioritize the security of that information. Companies that secure their websites with SSL encryption stand to see real benefits that go beyond warm fuzzy feelings.

Search Engine Ranking

In 2014, Google announced that after several months of testing they had begun using HTTPS support as a ranking signal in search results. That meant that HTTPS websites with SSL encryption could see a boost in search engine rankings compared to those without. Research from Moz confirms that support for HTTPS has a low positive correlation, lending support to Google’s statements that HTTPS support serves as a sort of “tie-breaker.”

Improved Conversions

Another part of Google’s push for a more secure web includes recent changes to Google Chrome, their web browser. As the most popular web browser in the world, the Chrome browser has a lot of influence on how the web is used and created. In September of 2016, Google announced that it was beginning an initiative to better inform users about the security of the websites they visit. In our previous article on Chrome's "Not secure" warning, we covered phase 2 of the initiative as Google began indicating sites as “Not Secure” when a user began entering information into forms.

HTTP pages with user input in Chrome after October 2017

As of July 2018, all pages and websites using HTTP will display “Not secure” in the location bar at all times. Then in October 2018, this warning will turn an ominous red when a user starts entering information into any forms. This doesn’t just include password fields, but search fields and contact forms as well.

HTTP pages in Chrome after July 2018
HTTP pages with user input in Chroe after October 2018

As you can expect, this is likely to have a big impact on conversions – users are much less likely to complete a contact form and generate a lead when a big red error jumps out at them. Companies that integrate HTTPS on their website will be able to retain the trust of their website visitors and ensure that they don’t lose valuable conversions.

How do I secure my website with HTTPS and an SSL certificate?

Probably the easiest way is to contact your web design company. At Plaudit Design, we now include SSL for free with every site we manage. As part of our ongoing commitment to security (and just making life easier for our clients), we integrated this directly into our hosting platform to give our customers one less thing to worry about. These certificates are monitored and renewed automatically to make sure that the site doesn’t accidentally go down, and we configure important redirects to make sure both search engines and users are able to find the pages they are looking for.

If your web design company doesn’t include something like this, then it’s important to make sure that you have your bases covered when transitioning to HTTPS and SSL.

Trustworthy Certificate Authority

Make sure that the certificate you purchase comes from a trustworthy and well-supported vendor. Companies that do not adequately verify the identity of a business or website may lead to their certificates being blacklisted. For example, in September 2017 the Google Chrome team announced a plan to distrust certificates issued by Symantec. Sold under several popular brand names like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL, the Chrome browser will no longer trust ANY certificates issued through Symantec’s infrastructure starting around October 23, 2018.

Correct Configuration

It’s also important to make sure that the certificate is properly configured within the website. Depending on the hosting environment, there are several key considerations to account for:

  • HTTPS Host Configuration – Make sure that your certificate is properly installed, and works correctly. This is the most basic requirement.
  • HTTP Redirects – Make sure that visitors to the old HTTP website are redirected to the appropriate location on the new HTTPS website. This helps to eliminate duplicate content, and ensures that visitors wind up on the intended web page. We’ve seen misconfigured websites redirect everyone to the home page which frustrate website visitors.
  • Server Name Indication (SNI) – Most websites are hosted within a platform that also hosts websites for other customers. These servers must be configured to enable SNI in order to support HTTPS.
  • Relative or Protocol-Agnostic URLs – Often, websites include external resources to provide additional functionality. Things like website plugins, embedded forms, YouTube videos, Google Analytics are all accessed with additional URLs. On a secure HTTPS website, these URLs also need to be secure in order to avoid browser warnings. Someone will need to ensure that the links used throughout the website will maintain proper security.

These are just some of the considerations that need to be addressed to integrate HTTPS support, but we feel that it is worth it. A good web design company should be familiar with these concepts and have the experience needed to transition to HTTPS without a hitch. Plus with the recent push to secure the web, the tools and technologies required to complete the transition have simplified the process considerably.

Conclusion

At this point, any organization that relies on their website as a powerful part of their marketing and communications must transition to HTTPS and SSL in order to avoid losing business. The consequences both now, and in the coming months, have the potential to drive quality traffic away in the short term, and erode trust for a long-term impact.

Feel free to reach out to us with any questions, or if you need help making sure that your organization’s website is as effective as it can be.

Sign Up For Our Newsletter

Join to receive updates, inspiration, and news in your inbox from time to time.