A coalition of web presences have pushed for greater online security for internet users, and that accountability falls on the webmasters themselves. Attention around this has only gotten more aggressive in recent months to the point where browsers like Firefox from Mozilla are going out of their way to tell you if a site isn’t secure.
The Website Padlock
“Secure” in this case refers to having an SSL certificate present on a website. SSL stands for “secure sockets layer” and is a security technology which creates a secure connection between browser and web server.
So when you input any kind of information to a website, for instance if you use an email signup form on a site or enter payment information on an ecommerce site to make a purchase, that information is kept private. The SSL creates a sort of tunnel which is difficult to hack into so that the information is kept safe during the transmission.
Benefits of SSL
Getting an SSL certificate for your website has numerous benefits, the biggest ones being:
Above all else, SSL brings more security to your website. It is decidedly more difficult for a hacker to steal information from visitors to your website when the site is protected with an SSL certificate.
The website padlock icon will give your customers peace of mind and will help establish trust between your brand/website and them. Your website itself is seen as having more quality when that secure website padlock icon is proudly displayed in browsers such as Firefox.
Google has gone on record as far back as 2014 to say that SSL can have an effect on your rankings. This stands to reason as Google is always looking to give its users the best user experience, and anything which you can do to help that as a webmaster will in turn help Google give you better rankings.
If you have two websites which are both selling the same thing and are roughly equal from an SEO standpoint in Google’s eyes except that one has an SSL certificate and the other does not, then the certified site will always win out.
Aside from short term results, you can look further down the line in terms of benefits because the sooner you implement SSL on your site, the sooner you’ll begin ranking above your competitors who have not. With those higher rankings comes more traffic and potentially more natural, earned links which in turn will also help you rank better. All of this is to say, the sooner you implement SSL, the better.
How Much Does SSL Cost?
At this point you might be thinking to yourself that this all sounds hunky dory, so what’s the issue?
Unfortunately the security SSL offers comes at a cost, and the responsibility of that cost falls on the webmaster.
The cost of SSL varies widely from vendor to vendor and from level to level. Not all SSL plans are worth the same. Just from doing a quick search you’ll find prices ranging from free to $2,000.
If you’re a rational, logical person, this may set off a red flag. Anytime the cost of something ranges between free and $2,000, that’s enough to raise my eyebrow.
There is no regulating, and with vendors offering different levels of securities and different levels of “guarantees” or “assurances” on that security, they are free to charge whatever they think it is worth, or better said whatever they think someone will pay for it.
This article isn’t to do a review on SSL providers, but let’s talk about some basics.
Letsencrypt.org is a free SSL certificate provider. The catch is that they only work with certain web hosting providers. Or maybe better said, only certain web hosting providers will work with them. They have a complete listing of who supports them on their site, and most of the big names are missing.
I use HostGator for a number of my websites including this one, but I noticed their name was suspiciously missing from the list of supported hosts. At the time of this article, it’s listed in the “waiting/delayed” section and is waiting upon “further consideration”.
At the same time, you’ll find the HostGator sells SSL certificates through their own website, including a number of expensive packages. Most of the big name web hosts offer this, so it stands to reason why they wouldn’t want a free service coming in and taking their business and commissions.
If you happen to use one of the smaller hosts which support a free SSL provider, they’ll teach you how to get into it.
You can’t talking more about the cost of SSL without covering the types of SSL to understand why some cost more than others and what more or less protection different types offer.
Types of SSL
Different plans or types of SSL come with widely different price tags, always in terms of renewable plans of one year or more.
In comparing some of them, you may find it difficult to objectively distinguish between features. For instance, NameCheap offers “PositiveSSL” for $9 a year (at the time of this article) and “EssentialSSL” for $29 a year, with the only difference being the listed level of “assurance” being “low” for one and “medium” for the other, respectively.
NameCheap’s SSL certificates and services are provided by a company called Comodo which deals with a lot of hosting providers in offering affordable plans. Of course affordable is a relative term when the prices again vary so widely and wildly between providers, even different hosts which all use Comodo.
Comodo also offers a more expensive plan which they market to ecommerce sites specifically called “EV SSL”. The distinction here is a bit clearer as the EV SSL plan doubles down on providing the image of security as the entire address bar is green on websites which have that particular certificate.
Most plans offer from 2048 key and up to 256-bit encryption. The real difference between them all is generally the amount of insurance behind the plan. So if you have SSL and your site, information, or transactions are still hacked then you are insured up to the amount specified with your plan. The more you spend up front to pay for the certificate, the more insurance you have in place should anything go wrong.
All of this leads to the most important question on the topic of SSL, should you get your website certified to get the website padlock? In the past I would have said that it depends on the type of website which you have.
Ecommerce – If you have an ecommerce website, yes you should absolutely have an SSL certificate to keep your transactions as secure as possible. Let’s not waste any time talking about this no brainer.
Sign Up Forms – If you have any kind of website in which you gather information from your visitors, even as simple as a name and email address, you should still have an SSL certificate. Anytime information is being submitted to your website, you want your visitors to feel that the process is secure, no matter how seemingly trivial that information is.
Plus with browsers pushing in the direction of publicly shaming websites which are not certified, it’s not a good look when you pair that sign up form with a broken padlock icon or worse a warning message from the browser that the site isn’t secure.
Blog – This is the only remaining grey area. I’m going to throw every remaining website into the “blog” category, but keep in mind I’m referring to any information based site which doesn’t collect much to any information from its visitors. This could be an affiliate site where you just have a handful of affiliate links designed to generate revenue.
In this case I’ll refer you back to the “benefits of SSL” section of this article. Remember that SSL certified sites have an SEO advantage over those which don’t, including the website padlock.
So long answer short, if you have a website on which you’re targeting and trying to rank for competitive keywords, regardless of whether or not you collect information, then you likely still want that certification for the SEO benefit. Plus the padlock and other reassuring symbols are bonuses as we continue to advance toward an internet where insecure websites which get flagged in browsers become more visible and secured sites are the norm.
The only remaining site I would say where you could afford to wait on SSL certification is private sites where you don’t care about rankings or sites in which you have little to no competition from an SEO point of view. But know that all you’re doing is waiting and delaying the inevitable as eventually the internet will move to a point where certification is mandatory in owning a website.
How to Install SSL
Most web hosts make SSL “installation” and getting the certificate to appear for your website fairly simple and automated. You just need to demonstrate that you are of course the owner of that website and have the authority to approve and create an SSL certificate for your website. Note that this is only applicable to sites on dedicated or virtual private servers. If your site is on a shared or reseller hosted plan, you’ll likely have to have your host do much of it for you.
Check with your specific SSL and hosting provider for more details on how to ensure that your site becomes SSL certified and get that website padlock.