7 Reasons you need a sitewide SSL on your website
What is a Sitewide SSL certificate?
When you visit a website the address in the browser typically starts with “http://” or sometimes it will say “https://”. If it has an “s” at the end, the site has an SSL certificate installed on that page. An SSL certificate is an encrypted way to pass information between web servers and browsers. Occasionally only certain pages are secure such as the checkout page for an e-commerce site. When every page is secure we refer to that as a sitewide SSL.
The big question is; should you install a sitewide SSL certificate on your site if you don’t have an e-commerce site and only have a simple blog or company website? Google says yes and so do we. The truth is that you technically don’t need a sitewide SSL certificate, but not having one can negatively impact your search rankings. To assure that your ranking is better on search engines, such as Google, it would be strongly advised to install one. Not installing one will hurt your SEO strategy.
It used to be that sites would only have an SSL certificate on specific pages where data is submitted or e-commerce checkout pages. This kept personal information safe for the web user on sites that were selling products or taking sensitive information. But as the industry has changed, it is becoming important to not only follow the above rule, but to also install sitewide SSL on all pages, including content/blog only sites.
Below are 7 reasons why you should install a sitewide SSL.
1 – BROWSERS
Different web browsers alert visitors, via a stern warning, that the site they are about to visit is not protected by a sitewide SSL. This could cause you to lose traffic or have a higher bounce rate. Bounce rate is the percentage of people that land on your website and leave within a few seconds. When secure, the browser will show a green lock icon alerting the visitor that your site is secure and safe for them to browse and enter sensitive information.
2 – SEARCH ENGINES
The search engines are the gatekeepers of the internet and Google specifically is pushing HTTPS, and will continue to do so. They are already starting to prioritize ranking for sites with sitewide SSL. So having your site secure is a must-have just like mobile friendly site design (responsive design) was a few years ago. Now responsive design is a must have and SSL’s are quickly following suit.
3 – USER TRUST
When a visitor sees that your site is secure, they will know that the data they are submitting is secure. Such things as making a purchase, submitting a contact form, creating an account, signing up for a newsletter, or using built-in search bars on a site are all actions one might take when they come to your site. You want to gain their trust by assuring them these actions will be secure.
4 – SECURE DATA
Let’s say you are logging into the admin of your WordPress site — if you don’t have sitewide SSL, your username and password is not secure. The data being transmitted is not encrypted. Having a sitewide SSL certificate will not only protect your public site but your admin panel as well.
5 – SSLs ARE CHEAP
SSL certs aren’t cheap or free because of Google favoring https. It’s two fold. Http/2 makes https as performant as non-https (in years past, https used to be slower). Providers such as LetsEncrypt.org (supported by many BIG NAMES, not including Google) have made it their mission to help secure the web for everyone, for free.
The cost of SSLs have come down in price recently. As stated above, one reason for cheaper SSLs is because providers, such as LetsEncrypt.org, have made it their mission to help secure the web for everyone, for free. Another reason is because is that more sites are running on http/2 which allows the sites to run faster over https then if they were non-https.
Due to this, some hosting providers are beginning to offer free SSL certificates. So the expense to add and maintain an SSL can be minimal depending on what kind of SSL you purchase and from where.
6 – IMPROVED ANALYTICS
When all of the above things are inline you will start to see an improvement in everything from bounce rate to user interaction. Taking this important step is one way to help you rank better in search results. There are so many factors in what makes a site rank well. Although adding a sitewide SSL certificate is a good start, continuing to focus on additional search strategies is important to maintain excellent rankings.
7 – FUTURE PROOFING
And the final nice thing about installing your sitewide SSL is you are future proofing. You might only have a blog now but plan on adding e-commerce or a subdomain that requires an SSL in the future. You are already covered and don’t have to figure out the whole SSL thing and launch an e-commerce store at the same time.
HOW DO I INSTALL AN SSL?
So what does it take to add an SSL certificate to your site? If you are not familiar with the steps involved in changing your site to HTTPS then you might consider letting a pro handle it. In most cases it’s worth the few hundred dollars to hire an expert. To not have to worry about dealing with hosting providers and technical issues for hours on end can bring peace of mind. A typical install should take 1 to 3 hours.
In a nutshell, you will need to purchase an SSL certificate, install it on your server, change all your site links using 301-redirects, and then test your entire site to ensure everything is now secure. However, your site’s complexity will determine what exact steps you need to take.
Many hosting providers offer SSL certificates as part of their hosting plan. Or they can be purchase independently and installed on your server. Some hosting providers do not allow you to install your own SSLs and there might be a fee to do it.
You might be able to get the agency who built your site to help with installing the SSL, or they can help communicate what your needs are to your hosting provider for you. They may also help you with with your 301 re-directs that re-direct any traffic that was at “http://” to resolve to the address starting now with “https://”. This is important because you want to make sure that you don’t lose any search history for a page that would no longer exist. The re-direct makes sure that when someone clicks on a search result from 2 years ago that was indexed by google, the page redirects to the correct “https://” version. Without this, the user will land on a 404 error page.
WHAT ELSE NEEDS TO BE DONE?
You will also need to update your primary website URL in Google Analytics and in your Google Search Console settings. In Google Search Console you will also need to add properties for the “https://” versions of your domain.
If you use WordPress there are lots of little things that are effected when you change to HTTPS but there are some good plugins that help with this. I like to use Real Simple SSL plugin. This plugin automatically detects your WordPress settings and configures your website to run over HTTPS. This is a FREE plugin that handles a lot of the heavy lifting involved with ensuring the entire site is secure. Check out the plugin link below.
Once you have your SSL installed you want to make sure that all your pages on your site show the green lock icon in front of the browser. This will tell you that the site is secure. Sometimes image paths might not get updated properly within a theme setting for something like an icon or logo. If a certain image is missing from the site it is probably because the image path link was not converted to HTTPS. You can use your browser’s web tools feature to verify what images on a specific page are not secure.
Once you are sure that everything is working great, sit back and relax knowing that you have made a big step in updating your site to have a sitewide SSL.
MONITOR YOUR ANALYTICS AND DON’T FORGET TO RENEW
Now start to monitor your web traffic, via Google Analytics, over the course of the next couple of months and you should start to see improvements. Make sure to mark your calendar and renew and install your SSL before it expires. Nothing worse than finding out your site hasn’t been secure because you bought an SSL lasting 3 years and forgot all about it until 3 years and 2 weeks later when it’s expired. Since SSLs expire from their issue date you don’t want to buy it more than a week or two prior to expiration. Good news is, you already did the hard part of updating all the URLs across the site so it makes installing a new SSL easy. Sometimes, depending on where you purchase your SSL, it might auto renew, in which case you just need to make sure your credit card is up to date before it charges your card. That is probably the number one mistake we see with clients’ domain registration and hosting or other recurring payments that are tied to a credit card — they have a old card on file and the hosting company just shuts off their site because the card was declined.
In closing, we want to stress that having an SSL is not essential but it is becoming more and more important to the point where if you don’t have one it will hurt your search results as browsers and search engines push for “https://”. Get on board now so you are not left behind.
If you have any questions about this, or would like to discuss your new web project, feel free to contact us.
If you found this article helpful please like and share on your favorite social media channel.