SSL and Google Search
An SSL certificate ( Secure Socket Layer certificate) is a digital certificate that helps establish a secure and encrypted connection between a user's web browser (like Chrome) and a website's server. In simple terms, it's like a virtual padlock that protects sensitive information, such as usernames, passwords, credit card details, and other personal data, from being intercepted or accessed by unauthorized parties.
When a website has an SSL certificate, you'll notice that the URL starts with "https://" instead of "http://", and a padlock icon appears in the browser's address bar, indicating that the website is secure.
Do you need an SSL?
Yes. Ensuring your website has an SSL certificate is no longer just an option, but a necessity. Google now mandates SSL certificates for websites, as evidenced by the 'Not Secure' warning (seen below) it displays for websites without one. This important step by Google is aimed at bolstering online security and instilling trust in online activities, however, it means that many websites are suffering a drop in their visitors and may not even be aware of it.
Websites that do not have an SSL installed (even the most basic type) may appear on a browser (especially chrome) with the above 'Not secure' error and the page may not even dsiplay but instead just indicate that the website is not secure. Majority of users that see this page will leave your website immediately.
How do you get an SSL?
It's actually relatively easy. If you are using a subscription based CMS like Webflow, Squarespace or Shopify the base level SSL is usually included in your subscription plan. You can rest assured your site is secure and Google will not penalize your SEO (Check out my post about SEO if you're not sure what that means).
If you are using a self hosted CMS like Wordpress or a custom built site that you host yourself you can purchase an SSL from your domain name registration company or your hosting company. They will have guides on how to install the SSL and some will even do it for you.
What type of SSL do you need?
There are a few different types of SSL certificates available, each with its own features, validation levels, and use cases. Here are some common types of SSL certificates:
- Domain Validated (DV) SSL Certificate: This is the most basic type of SSL certificate that only verifies the domain ownership. It provides encryption for data transmission but does not require extensive validation of the organization or individual behind the website. DV SSL certificates are typically issued quickly and are suitable for personal websites or small blogs.
- Organization Validated (OV) SSL Certificate: This type of SSL certificate requires validation of both domain ownership and the organization's identity. It provides a higher level of trust as it verifies the legal existence and physical location of the organization. OV SSL certificates are ideal for small to medium-sized businesses (SMBs) or websites that handle sensitive customer data such as a members login area.
- Extended Validation (EV) SSL Certificate: This is the highest level of SSL certificate that requires the most rigorous validation process. It provides the highest level of trust as it verifies the legal entity, physical location, and legal existence of the organization. Websites with EV SSL certificates display a green address bar in the browser, indicating the highest level of security. EV SSL certificates are commonly used by large enterprises, e-commerce websites, or websites that handle financial transactions.
There are more variations but this is enough information for most people to make a decision on the type of certificate they need. You can always discuss your website's purpose with your supplier and they can recommend the best SSL for the job.