SSL is a security protocol used in the internet to securely transmit sensitive and private information.
Usually the SSL secures data transfer between a server and a client. If we are talking about websites, then SSL protects the information transfer between the web server and the browser.
By the way SSL stands for Secure Sockets Layer.
If a user on your website has to enter any information (that includes sensitive or private information like credit card details), then the information is transmitted in plain text format to the web server.
And if someone can eavesdrop, they can easily read the data and use it as they wish.
Here’s where SSL comes to rescue by encrypting the information that is transmitted.
This also is helpful in transmitting information between email server and and an email client like Outlook.
Websites that have SSL enabled usually have https in their URL as opposed to http. And, such websites usually have a green padlock icon in their address bar – this lets the users know that the webpage they are currently on is secured using SSL.
There are various levels of SSL certificates that can be purchased and according to the price the level of security (and other features) are upped.
One such upgrade is the Extended Validation certificate. Sites that have this level of SSL will have the green bar in the address bar.
How does SSL establish a secure connection between server and client?
To answer this question, let’s refer to the screenshot below from Digicert!
This 5 step process is technically called “SSL handshake”.
How much does a SSL certificate cost, where to get one and how to install?
The price depends on various factors like the level of security, the number of domains that you need to install SSL for and whether you want all the subdomains to be covered as well.
In general prices vary between being free (included in your web hosting package) to well over $700/year.
Apart from being part of web hosting package (assuming you are on a premium hosting package with a standard company) you should avoid all the other free or cheap options.
Remember, you are opting for SSL for security reasons and you cannot take risks on that.
Free or cheap SSL certificates won’t get the job done – and it is the valuable information (like your hard work, and your customers’ sensitive information) that is at risk.
Once you have purchased your SSL, all you have to do is contact your hosting provider and they will install it properly for you.
Site-wide SSL or page level?
And here comes another question. Do you really need to enable SSL site-wide? Or is it enough if you enable it on particular pages, like the “Purchase” or “Checkout” page?
Well, the answer to this question highly depends on the structure of your website.
If you sell one-off products (like downloads), then it is enough to have SSL enabled on a page level.
On the other hand, if yours is a membership site and if you have to protect content at various pages (like Lessons, premium content, Courses and so on), you have to have SSL enabled on a site-wide level.
If your sales pages or membership site runs on a sub-domain, you can enable SSL only on that sub-domain.
Site-wide SSL usually boosts the trust factor much better than the page level SSL.
When do you need SSL for your website?
Let’s see when you need SSL for your website.
You absolutely need SSL for your website if you sell stuff directly on your website.
For instance, if you have a direct payment button or a form that requires users to fill out sensitive information like credit card or bank details, you definitely need SSL.
People look for that trust padlock when they are about to enter their valuable information – I do that all the time.
If you are using a Paypal button or if the payment is going to be made through a different payment processor, you don’t need an SSL – but having one doesn’t hurt in this case.
Actually in this case, people are not directly paying to you. Once they click on the payment button they will be taken to the payment processor site like Paypal which is a trusted site and they have their own security measures.
Running a membership site
On the other hand, if you are having membership site and hence payment options, you most probably need SSL.
Even if the payment is accepted via a third party secured payment system, you might have to protect private information entered by your customers/members.
Also SSL adds an additional layer of safety to the content that has restricted access in a membership site – a Course or member-only content that needs to be accessed via a username and password are better protected with SSL.
To gain customer trust and hence boost conversions
Of course, with such options you can gain trust from your customers since they can be assured that they are not giving away their credit card and other personal information out on an insecure site.
This can also boost your conversions! I’ve clicked the back button many times in a payment page when I don’t see the safety lock!
Collecting sensitive or personal information
In general, even if you don’t sell anything, if you happen to collect personal or sensitive information from your leads then you should have SSL enabled on your site.
For instance if you require your leads or customers to fill out phone numbers or residential address, or if they have to upload a file or photo, then you should make sure that information is well protected.
When you do not need an SSL?
If your website is simply a blog or if it is just an informational site with no product or other kind of sales, you most probably don’t need a SSL – it could be a waste of time and money to get one and set it up!
However, you could get a bit of trust boost from your readers if you use SSL. And a little bit of blessings from Google since your site is trusted.
Having said that, to move to SSL just for the sake of getting ranking boost is not an effective idea!
What should you expect and what you shouldn’t!
You should expect to see some ups and downs and challenges when you are planning to move your site to SSL. And that includes the following!
Misbehaving or incompatible plugins
I’m sure, at the time of writing this, there are very many plugins that are not compatible (have not yet been made compatible) with SSL. So when you make a switch, expect to have issues, bugs, incompatibility and the like.
Some plugins might stop working altogether while others may misbehave or conflict.
So you might have a lot of work either replacing those plugins, removing them or get to the corresponding plugin support and get the issues fixed – which will be a tedious process (just giving you a warning here!).
Broken internal links
You might have manually linked to a lot of your other blog posts and pages in your content. So you will have to do a redirect of those links or else they will turn up as broken links.
Occurrence of a lot of broken links on a site is not good for SEO, in the first place.
In addition, and more importantly, your users will get to a dead end every time they click on an internal link that is on the content they read, which is very bad for user experience!
Gone social shares
Now that all your links are new and fresh, your social shares will be gone. It doesn’t matter if a post has 5 shares or 500 shares, after you’ve moved to https, all your posts will show a 0 count – which is very bad as your social proof.
Nevertheless, there are some plugins like Social Warfare, that can help you regain your social share counts.
Resubmit site in Google Search Console
Remember your site with http, and https are totally different entities. So you will have to delete your old site (the http version) in Google Search Console, and submit the new https version.
You will also have to verify your new site, and then submit your new https website’s sitemap to Search Console.
This ensures that you force Google to crawl your new website’s content – which is very crucial to get back your search engine visibility.
Change (boost?) in rankings
Anticipate a drop in traffic, especially search engine traffic, since your site is now fresh. Google (and other search engines) has to crawl your site and index everything.
Although technically everything starts afresh, search engines know better and it won’t take too long for your to regain your rankings.
And, people have reported a boost in rankings (after a while) after they’ve moved to https. This could probably because of the boost in trust factor and user experience.
Also search engines would want to present their users with sites that are safe.
However, if you are going to decide to switch to https just to improve your rankings, think again. No matter what, content is always the King!
Here’s what Google says in its official blog:
Increased loading time
In order to load a website over a SSL, there are a handful of extra steps. In particular, technically called as “SSL handshake”, the initial process takes some time to completed.
Here’s a diagram that explains this SSL handshake in simple terms.
But once this is done, everything else can be as fast as it were with http.
Nevertheless you should anticipate a bit of lag.
Would you opt for SSL certificate?
Well, I’ve discussed the various things that you should know if you are in the dilemma.
There are both plus and minus, but mostly plus. Having SSL definitely boosts the trust factor and makes your site safe!
At the same time, it is not something that you absolutely need. Only if you sell something directly, or if you require your users to provide you with sensitive and private information for any reason, you will need to enable SSL on your site.
If your site is simply a blog, you definitely don’t have to go through this.
Also remember that you might have to face certain issues during the move and be prepared, if you decide to switch to https.
Finally, if you are thinking about enabling SSL only for the sake of improving your search engine rankings, think again!